Automatic encryption of secure form field data

How to keep secure form data secure

Overview

My article on Throttling Requests got quite a bit of attention, so I thought I would continue the security theme and show you a simple method of automatically encrypting hidden form fields that you don't want the user to be able to change, or know the value of.   I will be making use of an extension to the HtmlHelper, a custom ModelBinder to handle the decryption and also Rijndael encryption to secure your data (you could use any method of encryption you so desire).
I must stress that this is simply one measure to ensure the security of your data, you should always still be validating the action at the code and finally database level, to ensure you have a secure application!
Click Here to read the rest of this post

Generating a valid sitemap automatically with .NET

How to generate a sitemap automatically in .NET

Overview

Jambr is still a baby, as such it's content and structure is changing. 
It originally existed on two urls (www and non-www), and google was indexing both of them and to add to it not long ago I changed the url structure for Articles to be more, SEO friendly. 
All of these changes confuse search engine indexers and one way to help them out is to provide them with a Sitemap.  My rough list of requirements were:
  • To comply fully with the Sitemap protocol
  • To generate automatically, when /sitemap.xml was called
  • To be able to decorate fixed controller actions with an attribute which would include them in the map.
  • To provide a simple way of adding the dynamic content
  • To cache the output for a period of time
Click Here to read the rest of this post

Throttle requests to a .NET MVC action with a custom Action Filter

Protecting your application by throttling

Overview

In my day job I work for HP Enterprise Security Services, part of my role is building secure and robust web applications which do everything possible to prevent malicious attacks.
One of the most simple things you can do in your MVC project is to prevent repeat requests to a page.  This is primarily used in form submissions, for example in the comments box you see on Jambr, I don't want people to be able to repeatedly post to it over and over again, I want to introduce a time limit in-between these requests.
Also, there are going to be a lot of places on a typical site you want to limit such behaviour, but don't want to repeat the code everywhere.  This is where custom Action Filter Attributes come in.
Click Here to read the rest of this post

Creating an RSS 2.0 feed with .NET Syndication Namespace

Creating an RSS 2.0 feed using .NET Syndication

Overview

In my Previous Post I demonstrated how to create an RSS feed using an XML Document.
This got some attention as it was pointed out to me that I could achieve the same result using the .NET Syndication classes.  As a result I have created this programming article with an alternate version of the class, which does away with the XMLDocument manipulation and uses these Syndication classes.
As with any default namespaces and classes in the .NET framework, they expose a lot of things that I quite simply don't need for my simple News or Article RSS feed, so I have wrapped them up as I did last time into a utility class, which enables you to quickly and easily create your feed.
Click Here to read the rest of this post

Creating an RSS 2.0 feed with .NET

Creating an RSS 2.0 feed using .NET XmlDocument

Overview

Rather than post another article about setting up and using third party tools with .NET MVC, I thought I would take a slightly different approach this time and write a Programming with .NET article based on something I have had to do whilst creating Jambr.
I had the requirement to create an RSS feed for both the Articles and News sections of the site so you lovely readers could subscribe to either of them, I haven't actually had to create RSS feeds before so had to do some digging to find the best route to go down.  I read numerous programming articles on line and compiled a simple class which enables me to create an RSS2.0 compliant feed, as seen here.
Click Here to read the rest of this post

Elmah - Installation and Setup

Error Logging Modules and Handlers for ASP.NET

Overview

As promised, here is my next article regarding another tool I find completely invaluable in my life as a developer, Elmah.
Basically Elmah sites quietly on your site, logging any exceptions (Code based or Web Server, for example, 404) which occur to (in this example) a database.  It then provides a nice neat GUI front end to allow you to view the details of these errors, including stack traces.
If you're anything like me, and are tired of conversations which go like this:
  • User: "Karl, the website crashed earlier"
  • Karl: "Oh right, what were you doing"
  • User: "I don't remember, I was just on it, can you fix it please"
  • Karl: "Well I could do with reproducing it...
You will be happy Elmah exists!
Click Here to read the rest of this post

MiniProfiler - Installation and Setup

Profiling your application has never been so easy

Overview

The primary reason I started this web site was to share with you the things I come across in my day job as a Web Developer, the first batch of articles I am going to write will be around the tools I find invaluable in my role.

So first and foremost, let’s take a look at MiniProfiler.

MiniProfiler is a tool created and used by the StackExchange group of websites and is used for profiling your .NET and Ruby applications.

Click Here to read the rest of this post

Tags

.NET, MVC, RSS, Security