Friday, March 30, 2012

Securing your ASP.NET MVC 4 App and the new AllowAnonymous Attribute

You cannot use routing or web.config files to secure your MVC application. The only supported way to secure your MVC application is to apply the Authorize attribute to each controller and use the new AllowAnonymous attribute on the login and register actions.

http://blogs.msdn.com/b/rickandy/archive/2012/03/23/securing-your-asp-net-mvc-4-app-and-the-new-allowanonymous-attribute.aspx
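
The rule above as an added example (not code from the linked post): a global AuthorizeAttribute filter makes authentication the default for every action, which goes one step beyond attributing each controller by hand, and AllowAnonymous then opens only the login and register actions. The names FilterConfig, AccountController and ReportsController and the "Admin" role are assumptions for illustration.

```csharp
using System.Web.Mvc;

// Hypothetical names: FilterConfig, AccountController, ReportsController and
// the "Admin" role are illustrative, not taken from the linked post.
public static class FilterConfig
{
    // Call once from Application_Start. With AuthorizeAttribute registered
    // globally, every action requires an authenticated user by default, so a
    // controller added later cannot be left open by accident.
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new AuthorizeAttribute());
    }
}

public class AccountController : Controller
{
    // Opt out only for the actions a signed-out user has to reach.
    [AllowAnonymous]
    public ActionResult Login()
    {
        return View();
    }

    [AllowAnonymous]
    public ActionResult Register()
    {
        return View();
    }

    // No attribute here: the global filter still demands authentication.
    public ActionResult ChangePassword()
    {
        return View();
    }
}

// A controller-level attribute adds a role requirement on top of the
// global "must be signed in" rule.
[Authorize(Roles = "Admin")]
public class ReportsController : Controller
{
    public ActionResult Index()
    {
        return View();
    }
}
```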

Thursday, March 29, 2012

How to solve "The specified DSN contains an architecture mismatch between the Driver and Application"?

This error happens with Classic ASP on IIS 7 on 64-bit Windows 7 when using an MS Access database.

In the Application Pool's "Advanced Settings", set "Enable 32-bit applications" to True.


Reference:
http://social.technet.microsoft.com/Forums/en/w7itproinstall/thread/02bbfb17-d892-49a3-b1f6-75c2533a18a1

How to set up ODBC system DSN on Windows 7?

In a command line, run:
C:\Windows\SysWOW64\odbcad32.exe

[Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified

How to run & debug classic ASP in Visual Studio 2010 with IIS 7 on Windows 7

http://www.falconwebtech.com/post/2010/12/28/Debugging-Classic-ASP-in-IIS7-and-VS2010.aspx

Monday, March 26, 2012

How to determine current Visual Studio configuration at runtime?

Three steps:
1.      Add a new configuration to the solution.
2.      In the project's properties, add a Conditional Compilation Symbol for this configuration.
3.      In code, check whether this symbol is defined using preprocessor directives.



        public static bool ProVersion
        {
            get
            {
#if PRO_VERSION
                return true;
#else
                return false;
#endif
            }
        }

Reference:
http://stackpopstudios.com/tutorial-using-visual-studio-solution-configuration-to-manage-free-vs-paid/


How to test a web page for security purpose

Reference:
http://forums.asp.net/t/1782142.aspx/1


The security testing for your web application can be divided into two steps:
1) The first step focuses on the server-side web application/page code. You can do some manual code review according to code best practices (you can search the Microsoft Patterns and Practices center for references) for any potential issues in code. You can also leverage automated code analysis tools like FxCop (or the Visual Studio Code Analysis functions) to perform code checking based on predefined rules, and there are some existing rules for checking security vulnerabilities. Here are some references for your information:
#FxCop ASP.NET security rules
http://fxcopaspnetsecurity.codeplex.com/
#Code Analysis for Managed Code Overview
http://msdn.microsoft.com/en-us/library/3z0aeatx.aspx
#Microsoft Code Analysis Tool .NET (CAT.NET) v1 CTP - 32 bit
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=19968
2) The second step is to perform live security testing. There are some automated tools which can help automatically detect potential security issues based on the HTTP traffic between the browser and your web application. The Watcher tool is one of them, which is open and free. You can run Watcher as a Fiddler add-in and check security issues for your web pages or service endpoints.
#Watcher: Web security testing tool and passive vulnerability scanner
http://websecuritytool.codeplex.com/

How to Make IIS Express the Default for VS2010 Web Project

http://ardalis.com/make-iis-express-the-default-for-vs2010-web-projects


Tuesday, March 20, 2012

Doing Page Layouts without Tables

<style type="text/css">
#container {
  min-width: 800px;
}

#leftColumn {
  float: left;
  width: 300px;
  height: 100%;
  background-color:red;
}

#middleColumn {
  background-color:green;
  height: 100%;
}

#rightColumn {
  float: right;
  width: 300px;
  height: 100%;
  background-color:blue;
}
</style>

<div id="container">
  <div id="rightColumn">
    Right Column, Right Column, Right Column,
    Right Column, Right Column, Right Column,
    Right Column, Right Column, Right Column
  </div>
  <div id="leftColumn">
    Left Column, Left Column, Left Column,
    Left Column, Left Column, Left Column,
    Left Column, Left Column, Left Column
  </div>
  <div id="middleColumn">
    Middle Column, Middle Column, Middle Column,
    Middle Column, Middle Column, Middle Column,
    Middle Column, Middle Column, Middle Column
  </div>
</div>
http://stephenwalther.com/blog/archive/2012/03/19/metro-introduction-to-css-3-grid-layout.aspx?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+StephenWalther+%28Stephen+Walther%29

Friday, March 16, 2012

How to solve access denied problem on IIS 7?

Two ways:
#1 Manual
In File Explorer, right-click the folder, go to the Security tab, and add IIS APPPOOL\DefaultAppPool to the folder's permissions.


#2 Command line:
icacls c:\inetpub\wwwroot\YourPath /grant "IIS APPPOOL\DefaultAppPool":(OI)(CI)(RX)



 

How to set new password without old one in ASP.NET Membership?

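Reset the password, then use the generated password as the old password to set the new one.

                MembershipUser user = Membership.GetUser(username);
                // ResetPassword() replaces the current password with a generated one and returns it.
                // It requires enablePasswordReset="true" on the membership provider.
                string oldpassword = user.ResetPassword();
                user.ChangePassword(oldpassword, "newpassword");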


Credit Card validation for ASP.NET (Web Forms and MVC)

http://www.superstarcoders.com/blogs/posts/luhn-validation-for-asp-net-web-forms-and-mvc.aspx

LUHN Algorithm

The LUHN algorithm is a popular way to validate credit card numbers. I’ve used it many times while developing e-commerce applications to check that a user has entered their credit card number correctly. By using the LUHN algorithm to verify a card number, you can let a customer know their card number is invalid before taking payment through a gateway. After all, it’s a better user experience if they don’t have to wait for the server to try and authorize their card through a payment gateway with incorrect details that could have been detected using a simple LUHN check!
C#:
using System;
using System.Linq;

public static class LuhnUtility
{
   public static bool IsCardNumberValid(string cardNumber, bool allowSpaces = false)
   {
      if (allowSpaces)
      {
         cardNumber = cardNumber.Replace(" ", "");
      }
      
      if (cardNumber.Any(c => !Char.IsDigit(c)))
      {
         return false;
      }

      int checksum = cardNumber
         .Select((c, i) => (c - '0') << ((cardNumber.Length - i - 1) & 1))
         .Sum(n => n > 9 ? n - 9 : n);

      return (checksum % 10) == 0 && checksum > 0;
   }
}
JavaScript:
function isCardNumberValid(cardNumber, allowSpaces) {
   if (allowSpaces) {
      cardNumber = cardNumber.replace(/ /g, '');
   }

   if (!cardNumber.match(/^\d+$/)) {
      return false;
   }

   var checksum = 0;

   for (var i = 0; i < cardNumber.length; i++) {
      var n = (cardNumber.charAt(cardNumber.length - i - 1) - '0') << (i & 1);

      checksum += n > 9 ? n - 9 : n;
   }

   return (checksum % 10) == 0 && checksum > 0;
}

Wednesday, March 14, 2012

HTML5 Form Validation

http://stephenwalther.com/blog/archive/2012/03/13/html5-form-validation.aspx?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+StephenWalther+%28Stephen+Walther%29


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <title>Required Demo</title>
</head>
<body>

    <form>
        <label>
            First Name:
            <input required title="First Name is Required!" />
        </label>
        <label>
            Last Name:
            <input required title="Last Name is Required!" />
        </label>
        <button>Register</button>
    </form>

</body>
</html>

Page Inspector in an MVC Application in Visual Studio 11 Beta


http://www.asp.net/mvc/tutorials/mvc-4/using-page-inspector-in-an-mvc-application-in-visual-studio-11-beta

What is BrowserID and how does it work?

BrowserID lets you use your email address and a single password to sign in to any site that supports it
https://support.mozilla.org/en-US/kb/what-browserid-and-how-does-it-work



ASP.NET: Integrating BrowserId and ASP.NET Membership With Your MVC Application

http://www.eggheadcafe.com/tutorials/asp-net/b5080f5a-b9e4-4579-bcdd-2147261f63e2/aspnet-integrating-browserid-and-aspnet-membership-with-your-mvc-application.aspx

BrowserID is a distributed system that allows users to use their email address as the login name and password. It is much simpler than OpenID, and also much easier for developers to integrate into their web sites. There is also no need to store passwords or password hashes, since all authentication is performed by the offsite provider.

Tuesday, March 13, 2012

It’s The Little Things about ASP.NET MVC 4

http://haacked.com/archive/2012/03/11/itrsquos-the-little-things-about-asp-net-mvc-4.aspx

What is Lucene.Net?

Lucene.Net is an exact port of the original Lucene search engine library, written in C#. It provides a framework (APIs) for creating applications with full text search.
http://www.codeguru.com/csharp/.net/net_asp/article.php/c16869/

Friday, March 9, 2012

ASP.NET Hosting, 4$/m

http://www.top-cheap-web-hosting.com/windows-web-hosting/
http://www.arvixe.com/asp_net_web_hosting


Introduction to the ASP.NET Web API

http://stephenwalther.com/blog/archive/2012/03/05/introduction-to-the-asp-net-web-api.aspx

With the release of ASP.NET 4 Beta, Microsoft has introduced a new technology for exposing JSON from the server named the ASP.NET Web API. You can use the ASP.NET Web API with both ASP.NET MVC and ASP.NET Web Forms applications.



Thursday, March 8, 2012

What is the difference between the == and === operators in JavaScript?

0 === 0 // true
0 == '0' // true

0 === '0' // false
0 == false // true

0 == '' // true
null == undefined // true
null === undefined // false

Wednesday, March 7, 2012

How to get current date time in JavaScript

var currentDateTime = new Date();

ASP.NET authentication cookies and their security


http://www.campusmvp.net/web-security-asp-net-authentication-cookies-and-their-security/

What is stored in a cookie?
This cookie contains the Forms authentication ticket. This ticket, represented by the FormsAuthenticationTicket class, contains the following data/members:
  • Version: the version of ticket’s format.
  • Name: current user’s name, unique for the whole system and main key to restore the authenticated session. In addition, it’s used for binding with other ASP.NET APIs such as Roles or Profile.
  • Expiration: when the ticket (and the cookie) expires.
  • IssueDate: date in which it was generated.
  • IsPersistent: if the cookie will be saved on the hard disk.
  • UserData: extra data about the user. Usually this is an empty string since it’s written from the Membership provider and the default implementations do not write anything here.
  • CookiePath: relative path from where the cookie is stored. Default is “/”.
This information is serialized and encrypted by setting a cookie that is stored on the client side. There is a private method in the FormsAuthentication class named MakeTicketIntoBinaryBlob which is in charge of serializing the information. This is called from another private method, Encrypt, which is in charge of the encryption.
How is a cookie encrypted?
We can set some properties to handle this kind of authentication from the cookies configuration in the <forms> node in the web.config. One of these properties is protection. It can take the following values:
  • Encryption: with this value the ticket is encrypted before being saved in the cookie.
  • Validation: requires cookies validation.
  • All: It’s the default value and also the recommended one. Requires both validation and encryption of the cookie that contains the authentication ticket.
  • None: does not validate or encrypt the cookie. It’s not recommended to use this value since there is no protection for cookies. Performance is improved because it steers clear of additional cryptology processes.
Encryption is performed using specific information in the section <machineKey> in web.config. From .NET 2.0 and later the AES algorithm is used (Advanced Encryption Standard also known as Rijndael, the standard for best balance between security and speed in symmetric encryption), but other less secure algorithms, such as DES and 3DES, are supported.

Using ASP.NET Web API with ASP.NET Web Forms

http://blogs.msdn.com/b/henrikn/archive/2012/02/23/using-asp-net-web-api-with-asp-net-web-forms.aspx

A Tester Is…

http://blog.softwaretestingclub.com/2012/02/a-tester-is/

Thursday, March 1, 2012

How to validate a form without Model validation setting in ASP.NET MVC3?

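Use the jQuery validation plugin directly. This check runs only in the browser, so the action should still validate its input on the server.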
<script src="@Url.Content("~/Scripts/jquery-ui.js")" type="text/javascript"></script>
<script src="@Url.Content("~/Scripts/jquery.validate.js")" type="text/javascript"></script>
@using (Html.BeginForm("ActionName", "ControllerName", FormMethod.Get, new { id="FormName"}))
{
   <text>Required Field:</text>
    Write(Html.TextBox("id", "", new {@class = "required" }));
    <input type="submit" value="Go" />
}
<script type="text/javascript">
    $(document).ready(function () {
        $("#FormName").validate();
    });
</script>