Get ASP.NET auth cookie using PowerShell (when using AntiForgeryToken)

At FundApps we run a regular SkipFish scan against our application as one of our tools for monitoring for security vulnerabilities. In order for it to test beyond our login page, we need to provide a valid .ASPXAUTH cookie (you’ve renamed it, right?) to the tool. Because we want to prevent Cross-site request forgeries to our login pages, we’re using… Read more “Get ASP.NET auth cookie using PowerShell (when using AntiForgeryToken)”

Using Gulp – packaging files by folder

GulpJS is a great Node-based build system following in the footsteps of Grunt but with (in my opinion) a much simpler and more intuitive syntax. Gulp takes advantage of the streaming feature of NodeJs which is incredibly powerful, but means in order for you to get the most out of Gulp, you certainly need some understanding of what is going… Read more “Using Gulp – packaging files by folder”

Forms Authentication loginUrl ignored

I hit this issue a while back, and someone else just tripped up on it so thought it was worth posting here. If you’ve got loginUrl in your Forms Authentication configuration in web.config set, but your ASP.NET Forms or MVC app has suddenly started redirecting to ~/Account/Login for no apparent reason, then the new simpleMembership(ish) provider is getting in the… Read more “Forms Authentication loginUrl ignored”

Saving thumbnails in the original file format with C#

I tripped up on a strange quirk working with the Image and ImageFormat classes recently. The intention was simple – load an Image object from an existing graphic, generate a thumbnail, and save it out in the original format. The Image class in .NET includes a handy “RawFormat” property indicating the correct format to save out in. So far, so… Read more “Saving thumbnails in the original file format with C#”

Detecting 404 errors after a new site design

We recently re-designed Developer Fusion and as part of that we needed to ensure that any external links were not broken in the process. In order to monitor this, we used the awesome LogParser tool. All you need to do is open up a command prompt, navigate to the directory with your web site’s log files in, and run a… Read more “Detecting 404 errors after a new site design”

Posting to Facebook Page using C# SDK from offline app

If you want to post to a facebook page using the Facebook Graph API and the Facebook C# SDK, from an “offline” app, there’s a few steps you should be aware of. First, you need to get an access token that your windows service or app can permanently use. You can get this by visiting the following url (all on… Read more “Posting to Facebook Page using C# SDK from offline app”

Applying app.config transformations (in the same way as web.config)

Visual Studio 2010 doesn’t have the same support for app.config files in the way that their web projects do, in order to vary connection strings and other configuration settings for different release modes – a real shame. You can vote on the issue here. In the meantime though, the ASP.NET team have a fix, detailed here. All you need to… Read more “Applying app.config transformations (in the same way as web.config)”

Beware: Upgrade to ASP.NET MVC 2.0 with care if you use AntiForgeryToken

If you’re thinking of upgrading to MVC 2.0, and you take advantage of the AntiForgeryToken support then be careful – you can easily kick out all active visitors after the upgrade until they restart their browser. Why’s this? For the anti forgery validation to take place, ASP.NET MVC uses a session cookie called “__RequestVerificationToken_Lw__”. This gets checked for and de-serialized… Read more “Beware: Upgrade to ASP.NET MVC 2.0 with care if you use AntiForgeryToken”

Including Spark views in VS 2010 web deployments

Visual Studio 2010 includes much improved deployment tools – but by default it only includes files “needed to run this application”. If you’re using the Spark view engine for ASP.NET MVC, then the Spark views aren’t considered one of them! The trick is to ensure your .spark views have a build action of “Content” instead of the default “None”. Clearly… Read more “Including Spark views in VS 2010 web deployments”

Multiple CSS Classes

I’m not sure I should really admit to not knowing this… but today was the first time I’d realised that the “class” attribute for elements within a HTML document can accept more than one class name. doh. Update: Here’s a simple example. With the following in your style sheet… .align-c { text-align: center; }.font-b { font-weight: bold; } You can… Read more “Multiple CSS Classes”