ASP.NET Anti-Forgery Tokens internals


Anti-Forgery Tokens were introduced in ASP.NET in order to prevent Cross-Site Request Forgeries. There are many sites which describe how to use and configure those tokens in your application. But in this post I’m going to show you what exactly those tokens contain, where they are generated and how to customize them.

Let’s start our journey from a sample Razor HTTP form:

...
@using (Html.BeginForm()) {
    @Html.AntiForgeryToken()
    @Html.TextBoxFor(m => m.Name)<br />
    @Html.TextBoxFor(m => m.FullName)<br />
    <br />
    <input type="submit" value="Test" />
}
...

Read more ›

Tagged with: , , , ,
Posted in ASP.NET Security, CodeProject

Reference Source, dotPeek and source code debugging


Not so long ago Microsoft has made .NET source code browsable through a really nice page: http://referencesource.microsoft.com/. Additionally, they promised that the .NET Framework source code debugging will finally work in Visual Studio. At almost the same time JetBrains published EAP of its dotPeek tool with some great features that make “reverse-engineered debugging” extremely easy. And for other DLLs we still have the old Microsoft Public Symbols server. In this post I am going to show you how I configure my system and Visual Studio for different debugging scenarios.

Read more ›

Tagged with: , , ,
Posted in CodeProject, PDB files usage

LowLevelDesign.NLog.Ext and ETW targets for NLog


I really like the NLog library and I use it pretty often in my projects. Some time ago I wrote a post in which I showed you my preferred debug and production configuration. Other day I presented you a simple layout renderer for assembly versions. Today, I would like to inform you that all those goodies ;) are available in my brand new LowLevelDesign.NLog.Ext Nuget package.

Additionally, you may find in it two ETW NLog targets. ETW (Event Tracing for Windows) is a very effective way of logging and its support in kernel makes it a great choice for verbose/trace/debug logs. Moreover, if you are using Windows Performance Toolkit in your performance analysis, providing your own ETW messages will help you correlate system events with methods in your application. ETW infrastructure is highly customizable (check Semantic Logging Application Block to see how your logs might look like and how they might be consumed:)).

Read more ›

Tagged with: , , , ,
Posted in CodeProject, Logging with NLog

Stopwatch vs. DateTime


.NET developers usually know they should measure code performance using a Stopwatch class from the System.Diagnostics namespace. From time to time though I see code where someone uses DateTime instances for this purpose. And it’s not very surprising as DateTime class is usually the one that comes to mind when you think of time in .NET. In today’s post I would like to show you the difference in accuracy of both those approaches and the price you need to pay using either of them. We will work on this sample code that does nothing but measure time :):

Read more ›

Tagged with: , , , ,
Posted in CodeProject, Profiling .NET applications

MSMQ helper tools


In today’s short post I would like to present you three tools that I use frequently in diagnosing services that use MS Message Queues. These are:

  • MessageDumper – downloads and removes messages from queue
  • MessagePeeker – downloads but does not remove messages from queue
  • MessagePusher – sends collected messages to a given queue

MessageDumper and MessagePeeker gather messages in batches, storing each batch in a separate file. The size of the batch and the number of files is configurable from the command line. Output files can be then processed by MessagePusher and send to a different queue, for example on a developer’s machine.

Case of diagnostics

Imagine you have a production Windows Service that processes statistics. Statistics are generated by web applications on people actions and sent to your service using MS Message Queues (let’s assume the service queue is private and its name is LowLevelDesign.Stats). Some day you observe that for a specific set of statistics messages your service breaks. In order to debug the issue locally you need those messages. You may then ask your admin to stop the service, wait for the statistics to come and run:

MessagePeeker -q .\private$\LowLevelDesign.Stats -o brokenset 

This command should generate 2 files on output: brokenset.headers and brokenset.1. The first one is a header file which contains information about messages stored in other files. Copy the generated files to your local machine and run:

MessagePusher -q .\private$\LowLevelDesign.Local.Stats -i brokenset

and all the saved messages will be sent to your local queue. As said previously when you have many messages to process you may gather them in batches. The presented tools are available for download on my .NET Diagnostics Toolkit page.

Tagged with: ,
Posted in Diagnosing Applications on Windows

NullReferenceException and MachineKey.Decode


In my recent project I had to sign a http cookie in order to disallow any unauthorized changes to its content. I didn’t want to reinvent the wheel but use something already implemented in ASP.NET – for instance mechanism that is used to sign ViewState content. After some research I found promising methods: System.Web.Security.MachineKey.Encode/Decode (I’m using .NET4, in 4.5 these method are obsolete and new methods: Protect/Unprotect were introduced to replace them). Let’s first look at an example how to use those methods. The below code snippet retrieves content of a signed cookie or prints information that the cookie was tampered:

Read more ›

Tagged with: , , ,
Posted in Diagnosing ASP.NET

ASP.NET MVC bundles internals


The idea of minimizing and combining multiple script and style files into one file has been popular among web developers for quite some time. With the 4th version of ASP.NET MVC Microsoft introduced a mechanism (called bundles) that allow .NET developers to automate and control this process. Although bundles are quite easy to configure and use they might sometimes do not behave as expected. In this post I’m going to acquaint you with bundles internals and present you ways to troubleshoot problems they may generate.

Read more ›

Tagged with: , , ,
Posted in CodeProject, Diagnosing ASP.NET
Follow

Get every new post delivered to your Inbox.

Join 36 other followers