Posts

Debugging a Visual Studio Web Application that uses Windows Authentication

Image
In many companies, web applications are developed that use Windows Authentication for validating users of those applications. These are not just internal facing applications either, as many companies either have customer or extranet systems that use Windows Authentication.

Debugging a web application in Visual Studio that uses Windows Authentication can be problematic without making changes to how it is set-up for debugging, and how your browser is configured.

The Set-Up
In order to debug a web application that uses Windows Authentication, you will firstly need to configure your project to use IIS Express, and this is done by setting properties in the Web section of the project's properties page:


Here you need to select Use IIS Express and click the Configure Virtual Directory button, as shown above.

The next step is to select the UI project for your web application (if there are multiple projects in the solution) in the solution explorer window, and press F4 to bring up the properties…

MVC - SSL, Testing and Production Nuget Package Released

Following on from my earlier post regarding awareness of SSL flag removal that can cause security holes ending up in released code from a development environment, I've released RemoteRequireHttps as a package on Nuget.org

Please download and use as required!


HTML to PDF Conversion in MVC 4

My preferred tool for dynamically creating PDF documents in a web application is iTextSharp (http://sourceforge.net/projects/itextsharp/) however, I recently had a PDF generation problem to solve where iTextSharp couldn't help.

One thing that seems to be an issue is the generation of PDF documents from HTML, and ensuring CSS used to style the HTML is included in the generation. If the CSS is not included, then the resulting PDF can be greatly different from the source HTML. This can be a problem if for example you need to convert a HTML page returned from a third party's webservice. You have no control over the source HTML, but need the PDF to be styled as per the returned HTML. This situation is commonly encountered with invoice generation, delivery label generation, that sort of thing.

There is an excellent program available that will convert HTML to PDF and preserve all styling, however it is  a command line program - wkhtmltopdf (http://code.google.com/p/wkhtmltopdf/). The s…

WebAPI and Subscriber Authentication by Custom HTTP Headers

Recently I've been experimenting with WebAPI, part of the ASP.NET 4 framework. Whilst providing a great way to provide HTTP services, most HTTP services that are provided by companies are on a subscription basis. With this in mind, how can I best secure my HTTP Services for consumption by a paying subscriber?

The easy answer is to pass in an authentication token or credentials with each call to your HTTP service. How you do this is important, particularly for GET methods.

The best solution I've come up with so far is to add a custom authentication header to calls to my HTTP service, and provide a mechanism in my WebAPI MVC application to check the authentication provided in the header of each call.

First, we need to build our WebAPI MVC application! To do this:

Start Visual Studio and select New Project from the Start page. Or, from the File menu, select New and then Project.

In the Templates pane, select Installed Templates and expand the Visual C# node. Under Visual C#, select We…

MVC - SSL, Testing and Production

I recently had a conversation with a colleague about SSL and how a login page for an MVC application could be forced over SSL, to ensure credentials supplied in the login form are sent over an encrypted channel.

The answer is quite easy: there is a flag that can be set for your controller method calledRequireHttps

However..

During my time as a developer, one problem I have seen and witnessed many times is the one of development code being published to a production environment. The consequences of which can range from minor embarrassment (Response.Write() anyone?) to dangerous security holes.

When debugging an application, having the RequireSSL flag set for a controller method can cause all sorts of issues and the temptation is to comment out this flag for debugging. The danger here of course is that this flag is not then un-commented for deploying to a production environment.

There are several ways to ensure this doesn't happen:

1.You could use IIS and a self-signed certificate when tes…

Entity Framework 4.3 Seeding Data Using int as Identity Column Type

When seeding data using EF 4.3 code first, there is a gotcha when seeding data in identity columns. Let me explain.


In a recent project, I had two tables as part of my model. The first one was called Questions, and the code looked like:

[Table("Questions", Schema = "Forms")] public class Question { public int QuestionID { get; set; } [Required(ErrorMessage = "The question is required")] [MaxLength(400)] public string QuestionText { get; set; } public string Marker { get; set; } }
The next table was a relationship table to link Question records to a table with Form records. I had used a linking table as I needed a display order column:

[Table("FormsQuestions", Schema = "Forms")] public class FormsQuestions { [Key, ForeignKey("Form"), Column(Order = 0)] public int FormID { get; set; } public virtual Form Form { get; set; } …

ASP.NET DropDownList Postback: The jQuery AJAX Replacement for MVC

It was handy in ASP.NET WebForms to have the AutoPostback property and use the SelectedIndexChanged event, to allow other parts of your WebForm to be updated depending on user selection!

With MVC and Razor you can achieve the same functionality, but it has to be done using some other way that fits in with a View. Recently I had a requirement to render a list of checkboxes on a user form; the catch was that the list of checkboxes to be rendered was dependant on a drop down list option the user selected on the same form...
With this senario, we have three main components to any solution:
1. We need to fire a method when the drop down list selection changes. 2. This method needs to take the value of the selected item in the drop down list and return output based on that value. 3. The returned output needs to be rendered in the view.
With the requirement I had, I needed to query a database to return the data needed to render the checkboxes. The solution I used utilised jQuery AJAX and JSO…