Monday, March 26, 2012

How to determine current Visual Studio configuration at runtime?

Three steps:
1.      Add a new configuration into solution
2.      In the property of this project, Add a Conditional Compilation Symbol for this configuration
3.      In code, check if this symbol existed by Preprocessor directives.



        public static bool ProVersion
        {
            get
            {
#if PRO_VERSION
                return true;
#else
                return false;
#endif
            }
        }

Reference:
http://stackpopstudios.com/tutorial-using-visual-studio-solution-configuration-to-manage-free-vs-paid/


How to test a web page for security purpose

Reference:
http://forums.asp.net/t/1782142.aspx/1


the security testing for your web application can be divded into two steps:
1) the first step is focus on the server-side web application/pages code. You can do some manual code review according to some code best practice(you can search the Microsoft Pattern and Practice center for references) for any potential issues in code. And You can also leverage some automation code analysis tools like the FxCop (or the Visual Studio Code analysis functions) to perform code checking based on some predefined rules. And there are some existing rules for checking security vulnerability. Here are some reference for your information:
#Fxcop ASP.NET security rules
http://fxcopaspnetsecurity.codeplex.com/
#Code Analysis for Managed Code Overview h
ttp://msdn.microsoft.com/en-us/library/3z0aeatx.aspx
#Microsoft Code Analysis Tool .NET (CAT.NET) v1 CTP - 32 bit
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=19968
2) The second steps is to perform live security testing. There are some automation tools which can help automatically detect potential secuirty issues based on the HTTP traffice between browser and your web application. The Watcher tool is one of them which is open and free. You can run watcher as a fiddler add-in function and checking security issues for your web pages or service endpoints.
#watcher: Web security testing tool and passive vulnerability scanner
http://websecuritytool.codeplex.com/

How to Make IIS Express the Default for VS2010 Web Project

http://ardalis.com/make-iis-express-the-default-for-vs2010-web-projects

image