Get ASP.NET auth cookie using PowerShell (when using AntiForgeryToken)

At FundApps we run a regular SkipFish scan against our application as one of our tools for monitoring for security vulnerabilities. In order for it to test beyond our login page, we need to provide a valid .ASPXAUTH cookie (you’ve renamed it, right?) to the tool. Because we want to prevent Cross-site request forgeries to our login pages, we’re using…

Forms Authentication loginUrl ignored

I hit this issue a while back, and someone else just tripped up on it so thought it was worth posting here. If you’ve got loginUrl in your Forms Authentication configuration in web.config set, but your ASP.NET Forms or MVC app has suddenly started redirecting to ~/Account/Login for no apparent reason, then the new simpleMembership(ish) provider is getting in the…

Determining if an assembly is x64 or x86

After encountering a strange deployment issue today, eventually it was tracked down to an x86 assembly being deployed to an x64 process. There’s a tool included with Visual Studio called corflags that was helpful here. Open up a Visual Studio command prompt, type corflags.exe assemblyname.dll and you’ll see something like this: Version : v4.0.20926 CLR Header: 2.5 PE : PE32…

Redirecting from Community Server to WordPress

Just a quick note – if you switch from Community Server to WordPress like I have, in order to keep your links working you can add a simple regex rewrite rule to IIS. I simply used the following: ^/james_crowley/archive/(.*).aspx$$1/ and ^/james_crowley/(.*)$$1 where /james_crowley/ was where my blog was installed previously (on as it happens).

Detecting 404 errors after a new site design

We recently re-designed Developer Fusion and as part of that we needed to ensure that any external links were not broken in the process. In order to monitor this, we used the awesome LogParser tool. All you need to do is open up a command prompt, navigate to the directory with your web site’s log files in, and run a…

Beware: Upgrade to ASP.NET MVC 2.0 with care if you use AntiForgeryToken

If you’re thinking of upgrading to MVC 2.0, and you take advantage of the AntiForgeryToken support then be careful – you can easily kick out all active visitors after the upgrade until they restart their browser. Why’s this? For the anti forgery validation to take place, ASP.NET MVC uses a session cookie called “__RequestVerificationToken_Lw__”. This gets checked for and de-serialized…

Including Spark views in VS 2010 web deployments

Visual Studio 2010 includes much improved deployment tools – but by default it only includes files “needed to run this application”. If you’re using the Spark view engine for ASP.NET MVC, then the Spark views aren’t considered one of them! The trick is to ensure your .spark views have a build action of “Content” instead of the default “None”. Clearly…

UrlRewriting, .NET 2.0 SP1 and Search Engines

Having been caught out by this issue once again this weekend, I thought I’d better blog about it so I don’t scratch my head searching around again for a third time! If you’ve been getting some weird “Cannot use a leading .. to exit above the top directory.” exceptions occurring on your site (you *do* log those, don’t you?), that…

MasterPages, ViewState and web.config files

protected override void OnInit(EventArgs e)
{
    // we use this so that we can set the enableViewState property in the web.config
    // although it sets it at the page level, it doesn’t pass it on to the master page
    this.EnableViewState = this.Page.EnableViewState;
    base.OnInit(e);
}

Gotcha: HTTP_X_FORWARDED_FOR returns multiple IP addresses

I hit a small gotcha this evening. A visitor to Developer Fusion reported that they couldn’t gain access to the site at all, because our IP address detection logic was failing. We were checking the “HTTP_X_FORWARDED_FOR” header for an IP address, before falling back to REMOTE_ADDR, turning the IP into a long integer, and doing an IP-to-country lookup in our…

Why is the HtmlHead class sealed?

ASP.NET 2.0 gives us a Page.Title property, which we can set in code, or in the Page directive. Great! Unfortunately, I had a requirement so that whilst I’d be setting a portion of the title from the page, the rest would be pre-defined (ideally within the master page that I use). Obviously you can’t fiddle the stuff in the server-side…

Caching Method Results in ASP.NET 2.0 using Delegates

Hmm. Talk about over-engineering. I don’t think we really need generics at all, provided we’re happy with a cast outside the method instead of inside it.

public delegate object MethodExecution();

public static object GetCachedMethod(string key, DateTime absoluteExpiration, MethodExecution method)
{
    // read the entry once into a local so it cannot expire between the check and the return
    object result = HttpContext.Current.Cache[key];
    if (result == null)
    {
        result = method();
        HttpContext.Current.Cache.Insert(key,
            result,
            null, absoluteExpiration, Cache.NoSlidingExpiration);
    }
    return result;
}

...

return (DataSet)GetCachedMethod(key, DateTime.Now.AddDays(1),
    delegate() { return SomeMethodThatReturnsADataSet(myParam); });