Scripter2 Call For Beta Testers

This is a call for some beta testers for my completely managed scripting engine.

While I'm not quite ready for beta testing yet, nearly all of the functionality I plan on implementing for 1.0 is there and (hopefully) the major bugs have been weeded out.

NEW There is now a demonstration website.

Scripter2 is this:

  • A scripting engine written in .Net that does not use Reflection at all and is completely interpreted
  • Implements a nice and concise language akin to Lua, PHP, and Javascript.. with some nice features for making "tables" pretend to be classes, and to make duck-typing easy
  • Is simple to extend
  • Completely sandboxed, by design.

So for reference, here is what a simple script looks like:

var table=["foo" => "bar","baz" => 10];
return as string); //returns "bar10"

There is no lambda support planned for 1.0, but there is anonymous functions. And of course, order of operations and all of that works unlike some scripting engines I've seen. There shouldn't be any huge syntax work-arounds either. My scripting engine is implemented properly and should behave like a regular language.

How easy is it to use and extend?

Well, here is a quick example:

public void RunScript(string script)
    Engine=new ScriptingEngine(script);
    //Now add our print function
    var args=new VariableList();
    args.Add(new VariableContainer("message"));
    Engine.Global.Add(new VariableContainer("print", new FunctionVariable(new ExternalScriptFunction(PrintFunction), args)));

BaseVariable PrintFunction(VariableList args, ScriptingEngine s){
    string msg=args.Get<string>("message");

And here is an example Hello World script for it:

print("Hello World!");

Quite easy if I do say so myself. I also am in the process of writing some documentation to go along with it of course to better explain how it all works.

So far, it runs on

  • Mono 2.10
  • ,Net 3.5
  • Mono For Android
  • XBox 360/XNA (For Indie Games) (with very minor changes)
  • Windows 7 Phones

For the last two, XBox and Windows 7, very minimal testing has been done. I don't own a Windows 7 phone, and have never messed with developing for the XBox 360. Also, because it supports all of these platforms, it should be ready to go for a "write-once-run-everywhere" type system, such as Unity.

What do beta testers get:

  • A time-expiring assembly
  • Those that give me some feed back may get a copy of the source code if it will assist in beta testing and/or bug fixing
  • Some documentation

After beta testing is complete and it is released, all beta testers that sent some form of feedback will get a commercial license for the engine which includes source code.

If this sounds like something you'd like to test out, drop me a line at earlz -at- this domain name( You can also drop me a line if you want more information about it or a planned release date.

Posted: 6/26/2012 9:03:47 AM

Next Up: Scripter2

Hello, I thought I'd give a little update as to what I've been doing with my time the past week or two.

I've been building a lightweight scripting engine in fully managed(no reflection) C# code. Now, I've done this once before. At one of my previous employer's, FosTech, I built a scripting engine. Sadly, I never was able to negotiate any source code rights with my boss so I could extend on to it further.

So... when you can't get the code, the only choice is to rewrite it. Fortunately, it's probably a good thing I didn't get the source code for that project. I was still very new to C# when I wrote it, and it was my first attempt at a scripting engine. The code as I remember was horrible, and it barely cobbled along with some superficial syntax restrictions due to my lack of experience with coding parsers.

Luckily, now, I'm writing something similar. I don't have a name for the language or engine yet. The codename I guess is scripter2 as that's what I called it when I needed a project directory.

So, what is Scripter2 and why does it poop rainbows and marshmallows? Basically, it's a very cool scripting engine that is written in C#. It is an interpreter. It uses no dynamic code or reflection of any sort. This means it will run in even the most restricted of .Net environments. It's designed to resemble Javascript and Lua. And it's also designed so that interfacing with C# code is as simple as possible. It's also in a sandbox by design, and all methods out of the sandbox must be very explicit.

So, what does this language look like?

Here's a sampler of what's supported so far:

//a comment
var f=function(){
  return "foo";
var t=[]; //a "table". Very similar to what's in Lua
t["foo"]="bar"; //this will work"bar"; //as will this and reference "foo"

var num=("123" as int + "10" as int) as string + "foo";
assert(!isdefined(xyz)); //isdefined() is a built in function that test if a variable is declared
assert(!isdefined(; //works on tables too

  return x+10;

More cool stuff is some syntactic sugar for duck-typing and for making "private" variables in tables... and hopefully (eventually) lambdas.

So far, it's actually quite usable for some basic scripting. It's turing-complete, follows order of operations, and easily extended. However, I know that quite a few things still have throw new NotImplementedException() and there are surely some lurking bugs as my regression testing is not nearly as thorough as it should be right now.

Eventually, when the engine gets more complete (probably to where it has everything but lambdas and operator overloading) I'll put up a public demo application so you can test it out.

My plans for it once it's to a point of "completion" are to try to sell it. I'm unsure on if it's going to be dual-licensed GPL/commercial or if it's just going to be straight commercial licenses. But, if you think this thing sounds interesting and are looking for a sandboxed and managed scripting language for .Net, send me an email at earlz -at- this domain name( I'd love some alpha testers and beta testers! And of course you'd get free commercial licenses as well.

Posted: 6/25/2012 9:09:11 AM

Fast, Secure, and Concise Authentication -- Call for beta testers

Well, I'm announcing it finally. I've broken out the Authentication module from EFramework and I'm going commercial with it(after fixing quite a few things and extending it). If you still have a copy of the BSD licensed code, I ask you kindly to buy a commercial license. But of course, I can't force you to. I can't retroactively remove the BSD license afterall.

Anyway, I need beta testers! What is FSCAuth? Well, it's a very handy authentication module for ASP.Net. It works on Mono/.Net/Webforms/MVC/You name it. And it's easy, even after the initial "hey a user can login" phase. It's designed to be customized and works well no matter what your database is. Like GUIDs as a unique ID? Go ahead, use em'! Prefer integers instead? You can use those too!

A quick summary:

  • My nemesis is Forms Authentication. Why? Well, because I don't like writing 200 lines of code just so I can use something other than the crappy SQL Server Compact database. Or heaven forbid you want your database to be halfway clean without 50 stored procedures(which do nothing) littered in it.
  • My target audience is small and medium size web applications.
  • I find it a breeze to work with. This blog uses it(in a hidden form)

If you are interested in beta testing, please send me an email at earlz at this domain name( Beta testers that give me feedback will get a non-expiring single-site license when the project is released. The few that give me outstanding feedback will receive a non-expiring multi-site license. In your email please include "fscauth beta testing", a little about yourself, and how you will beta test it(for instance, are you going to put it in your own blog? etc)

Demo Application

Also, if you'd like to see a small demo application you can look at fscauth-demo. It uses an in memory list of users and is limited to 100 users. But you can see the hashes for everyone's account and try hacking stuff.

Below is some more information about it. NOTE: Some of this is not yet implemented(MongoDB and SQL Server UserStores particularly). This is a projection! Some of these features may change or be removed completely.

What is this?

This is a very easy to use authentication module for use in ASP.Net. It's been designed from the beginning to be flexible, but requiring as little setup as possible. It can be used for any database/data store imaginable. I provide as an example 3 different datastores implementations

  1. SQL Server
  2. MongoDB
  3. Generic in-memory list

Why use it?

Well, I created this because I thought ASP.Net Forms Authentication required too much work for simple systems. I wanted something easier, but also more secure out of the box.


For setup you only have to populate 2 fields, and call an Authenticate method from Global.asax. After that, you're ready to show off awesome code like this:

//Some secret stuff you don't want to show to people

or even

  //show something only logged in people see


Right from the beginning Fast, Secure, and Concise Authentication was designed to be fool proof for security. It was designed to be secure enough that even if a dump of the database behind it got leaked, your user's credentials would be safe, and hackers would still not be capable of logging in. By default, all passwords are SHA256 hashed and salted. All login cookies are impossible(or almost) to forge.

Don't take my word for it though; check out the source code. With every license but Personal No Commercial, full source code is included. The source code is not overly complex and at the core is only a few hundred lines including comments. If you look at it and think I did a horrible job, then return it. Binpress offers a 14 day money back guarantee.


Of course, authentication is a core part of a website, so it needs to be fairly fast. Speed was actually the lowest priority of the project, but actually, it's still very fast. The only operation requiring more than one database access is adding a user, and that is only for ease of implementation. On each authentication, there is a total of two hashes computed. With SHA256 this equates to microseconds. This will not be the component that slows your website down.

Also, there is no need for a persistence of session state. So no extra memory used on your servers, nor messy tables in your database. This is what I like to call a "stateless" authentication system.

What's Capable?

Notably, this project does not try to implement everything that is in Forms Authentication. If you require Windows Authentication, or complex Member/Role/Task/Group support, then maybe you should stick with Forms. This is designed rather for the 90% of websites out there that just need a simple user login system with maybe a few groups, and don't want to mess around with writing 200 lines of code to do it.

What's included?

  1. The main authentication module(source code and assembly)
  2. SQL Server example UserStore implementation
  3. MongoDB example UserStore implementation
  4. Generic in-memory list UserStore implementation
  5. ASP.Net Login custom control
  6. ASP.Net UserStatus custom control
  7. ASP.Net Logout custom control
  8. ASP.Net example web application
  9. Offline copy of documentation

Batteries are not included

What Platforms

  • Mono 2.0 and greater
  • .Net 2.0 and greater (below 3.5 must degrade to the slower Managed SHA256 implementation)
  • Designed to run from any database
  • Runs within Medium Trust
  • Works equally well for both Webforms and ASP.Net MVC
  • Runs without modifications in a web cluster
Posted: 4/10/2011 4:55:04 AM