You are currently filtering for items tagged with MVC

Automatic encryption of secure form field data

How to keep secure form data secure

Overview

My article on Throttling Requests got quite a bit of attention, so I thought I would continue the security theme and show you a simple method of automatically encrypting hidden form fields that you don't want the user to be able to change, or know the value of. I will be making use of an extension to the HtmlHelper, a custom ModelBinder to handle the decryption, and Rijndael encryption to secure your data (you could use any method of encryption you so desire).
I must stress that this is simply one measure to ensure the security of your data. You should still always validate the action at the code level and finally at the database level, to ensure you have a secure application!

Generating a valid sitemap automatically with .NET

How to generate a sitemap automatically in .NET

Overview

Jambr is still a baby; as such, its content and structure are changing.
It originally existed on two URLs (www and non-www), and Google was indexing both of them. On top of that, not long ago I changed the URL structure for Articles to be more SEO friendly.
All of these changes confuse search engine indexers, and one way to help them out is to provide them with a Sitemap. My rough list of requirements was:
  • To comply fully with the Sitemap protocol
  • To generate automatically, when /sitemap.xml was called
  • To be able to decorate fixed controller actions with an attribute which would include them in the map.
  • To provide a simple way of adding the dynamic content
  • To cache the output for a period of time

Throttle requests to a .NET MVC action with a custom Action Filter

Protecting your application by throttling

Overview

In my day job I work for HP Enterprise Security Services; part of my role is building secure and robust web applications which do everything possible to prevent malicious attacks.
One of the simplest things you can do in your MVC project is to prevent repeat requests to a page. This is primarily used in form submissions: for example, in the comments box you see on Jambr, I don't want people to be able to post to it over and over again; I want to introduce a time limit between these requests.
Also, there are going to be a lot of places on a typical site you want to limit such behaviour, but don't want to repeat the code everywhere.  This is where custom Action Filter Attributes come in.

Elmah - Installation and Setup

Error Logging Modules and Handlers for ASP.NET

Overview

As promised, here is my next article regarding another tool I find completely invaluable in my life as a developer, Elmah.
Basically, Elmah sits quietly on your site, logging any exceptions which occur (code based or web server, for example a 404) to, in this example, a database. It then provides a nice neat GUI front end to allow you to view the details of these errors, including stack traces.
If you're anything like me, and are tired of conversations which go like this:
  • User: "Karl, the website crashed earlier"
  • Karl: "Oh right, what were you doing"
  • User: "I don't remember, I was just on it, can you fix it please"
  • Karl: "Well I could do with reproducing it..."
You will be happy Elmah exists!

MiniProfiler - Installation and Setup

Profiling your application has never been so easy

Overview

The primary reason I started this web site was to share with you the things I come across in my day job as a Web Developer. The first batch of articles I am going to write will be around the tools I find invaluable in my role.

So first and foremost, let’s take a look at MiniProfiler.

MiniProfiler is a tool created and used by the StackExchange group of websites and is used for profiling your .NET and Ruby applications.