Categories
ASP.NET DevOps Information Security & Privacy Web Development

Get ASP.NET auth cookie using PowerShell (when using AntiForgeryToken)

At FundApps we run a regular SkipFish scan against our application as one of our tools for monitoring for security vulnerabilities. In order for it to test beyond our login page, we need to provide a valid .ASPXAUTH cookie (you’ve renamed it, right?) to the tool.

Because we want to prevent Cross-site request forgeries to our login pages, we’re using … Read more “Get ASP.NET auth cookie using PowerShell (when using AntiForgeryToken)”

Categories
Javascript Web Development

Using Gulp – packaging files by folder

GulpJS is a great Node-based build system following in the footsteps of Grunt but with (in my opinion) a much simpler and more intuitive syntax. Gulp takes advantage of the streaming feature of NodeJs which is incredibly powerful, but means in order for you to get the most out of Gulp, you certainly need some understanding of what is going … Read more “Using Gulp – packaging files by folder”

Categories
ASP.NET Information Security & Privacy Web Development

Forms Authentication loginUrl ignored

I hit this issue a while back, and someone else just tripped up on it so thought it was worth posting here. If you’ve got loginUrl in your Forms Authentication configuration in web.config set, but your ASP.NET Forms or MVC app has suddenly started redirecting to ~/Account/Login for no apparent reason, then the new simpleMembership(ish) provider is getting in the … Read more “Forms Authentication loginUrl ignored”

Categories
IIS Information Security & Privacy

Achieving an A+ grading at Qualys SSL Labs (Forward Secrecy in IIS)

At FundApps we love the SSL Labs tool from Qualys for checking best practice on our SSL implementations. They recently announced a bunch of changes introducing stricter security requirements for 2014, and a new A+ grade – so I was curious what it would take to achieve the new A+ grading. There are a few things required to now achieve … Read more “Achieving an A+ grading at Qualys SSL Labs (Forward Secrecy in IIS)”

Categories
DevOps

Updating Azure Virtual Network to use point-to-site feature

Scott recently announced support for point-to-site VPN connections into Azure – awesome! But what might not be so clear is how to enable it on your existing Virtual Network configuration – because you can’t make changes (at least through the UI) to your virtual network after it has been deployed and is in use.

Fortunately, there appears to be a … Read more “Updating Azure Virtual Network to use point-to-site feature”

Categories
DevOps

Configure Visual Studio 2012 to use 64 bit version of IIS Express

By default Visual Studio (as a x86/32bit process) will always launch the 32bit version of IIS Express. If you have components that specifically require running under 64bit, you can can configure Visual Studio 2012 to use IIS Express x64 version by setting the following registry key:

reg add HKEY_CURRENT_USER\Software\Microsoft\VisualStudio\11.0\WebProjects /v Use64BitIISExpress /t REG_DWORD /d 1

You should note that this … Read more “Configure Visual Studio 2012 to use 64 bit version of IIS Express”

Categories
DevOps

Cisco VPN Client for Windows 8

There isn’t currently a version of Cisco’s VPN client that supports Windows 8, and after installation I received an error message complaining that the “VPN Client failed to enable virtual adapter.”.

Fortunately, there is a way to get this “legacy” VPN client to work, with a small registry change:

  • Open up the registry editor by typing regedit in Run prompt
Read more “Cisco VPN Client for Windows 8”
Categories
General Computing

Disabling Chrome’s Metro app in Windows 8

At time of writing, if you replace IE with Chrome on Windows 8 then Chrome installs both a desktop and a Metro version of itself. Personally, as most of my time is spent in the desktop, I’d rather Chrome just always opened there.

There’s currently an open issue on the chromium website, but in the meantime there’s a relatively simple … Read more “Disabling Chrome’s Metro app in Windows 8”

Categories
Software Engineering

MSDTC gotcha’s with Virtual Machines

Setting up some new infrastructure with a web and seperate db tier, I was hit with the usual MSDTC woes.

Error messages progressed bit by bit as I opened things up:

Attempt #1: The partner transaction manager has disabled its support for remote/network transactions.

Attempt #2: Network access for Distributed Transaction Manager (MSDTC) has been disabled. Please enable DTC for … Read more “MSDTC gotcha’s with Virtual Machines”

Categories
IIS Software Engineering

Migrating old websites & Rewrite maps in IIS 7

If you’re migrating to a new website and need to map old IDs to new IDs, I’ve just discovered that the UrlRewrite plugin in IIS has a great feature I hadn’t come across before called rewriteMaps. This means instead of writing a whole bunch of indentical looking rewrite rules, you can write one – and then simply list the ID … Read more “Migrating old websites & Rewrite maps in IIS 7”

Categories
DevOps

Debugging InstallUtil service installation

If you’re using the Installer class and either InstallUtil or calling the helper methods directly, you might want to attach the debugger to actually track down problems with the code. One simple line:

System.Diagnostics.Debugger.Launch();

will then launch a prompt to pick a debugger to step into the problem code.

Categories
DevOps

Debugging Powershell and Psake commands and parameters

Getting commands and parameters in Powershell and Psake can be pretty troublesome at times. The echoargs helper from the PowerShell Community Extensions can be a lifesaver. If, for instance, you are calling

msbuild.exe /t:Build /p:SomeTroublesomeParametersHere

if you swap msbuild for echoargs (after placing the extensions in C:\Windows\System32\WindowsPowerShell\v1.0\Modules and calling Import-Module pscx), then you’ll see the exact parameters being passed to … Read more “Debugging Powershell and Psake commands and parameters”