Timeouts when making web requests in .NET


In one of our applications I recently observed timeouts in code performing HTTP requests to the REST service. While investigating this issue I discovered few interesting facts about System.Net namespace and would like to share them with you. We were using objects of type System.Net.HttpWebRequest in our code, but some of the information presented in this post will also apply to the newer System.Net.HttpClient implementation.

Continue reading “Timeouts when making web requests in .NET”

Timeouts when making web requests in .NET

Debug Recipes


This one would be short :) While learning new things I write notes, collect help files and sample code. I use my Google Drive to store them. I have decided recently that some of the folders may be worth publishing and this is how Debug Recipes repository was born. I have a plan to store in it:

I’m still working on a better navigation (each section will have a README.md file), but for now the Github search and folder navigation are the only options. As you can imagine it will always be a work in progress, but I hope that some recipes will prove useful to you. As always comments and suggestions are welcome.

Debug Recipes

How to debug Windows Services written in .NET? (part I)


Diagnosing Windows Services might sometimes be cumbersome – especially when errors occur during the service start. In this two-parts series I am going to show you different ways how to handle such problems in production. In the first part we will focus on “exceptions discovery” techniques which very often are enough to figure out why our service is not working. In the second part we will setup a debugging environment and attach a debugger to our service. Let’s start then.

Continue reading “How to debug Windows Services written in .NET? (part I)”

How to debug Windows Services written in .NET? (part I)

Decrypting ASP.NET Identity cookies


I decided recently I need to learn Python. It’s a great scripting language, often used in forensics, diagnostics and debugging tools. There is even a plugin for windbg that allows you to script this debugger in Python language, but it’s a subject for another post. Moving back to learning Python – as an exercise I wrote a simple tool to decrypt ASP.NET Identity cookies and ASP.NET Anti-Forgery tokens. You may find it useful in situations when you need to diagnose why one of your users can’t sign in into your applications or is not authorize to access one of its parts. It does not perform validation but only decrypts the content using 256-bit AES (let me know in comments if you need some other decryption algorithm to be implemented). Adding validation logic shouldn’t be a big deal and the nist library (which I used for cryptographic operations) provides all the necessary functions.

Continue reading “Decrypting ASP.NET Identity cookies”

Decrypting ASP.NET Identity cookies

Common authentication/authorization between .NET4.0 and .NET4.5 web applications


ASP.NET Identity is a big step forward and we should profit from its features, such as: two-step authentication, support for OpenId providers, stronger password hashing and claims usage. One of its requirements is .NET4.5 which might be a blocker if you have in your farm legacy Windows 2003 R2 servers still hosting some of your MVC4 (.NET4.0) applications. In this post I would like to show you how you may implement common authentication and authorization mechanisms between them and your new ASP.NET MVC5 (and .NET4.5) applications deployed on newer servers. I assume that your apps have a common domain and thus are able to share cookies.

Continue reading “Common authentication/authorization between .NET4.0 and .NET4.5 web applications”

Common authentication/authorization between .NET4.0 and .NET4.5 web applications

Collect .NET applications traces with sysinternals tools


In this short post I would like to show you how, with sysinternals tools, you may noninvasively trace .NET applications. This is especially useful in production environment where you can’t install your favorite debugger and hang whole IIS to diagnose an issue. We will work with three tools: dbgview, procdump and procmon. Let’s start with the first one.

Continue reading “Collect .NET applications traces with sysinternals tools”

Collect .NET applications traces with sysinternals tools

ASP.NET Anti-Forgery Tokens internals


Anti-Forgery Tokens were introduced in ASP.NET in order to prevent Cross-Site Request Forgeries. There are many sites which describe how to use and configure those tokens in your application. But in this post I’m going to show you what exactly those tokens contain, where they are generated and how to customize them.

Let’s start our journey from a sample Razor HTTP form:

...
@using (Html.BeginForm()) {
    @Html.AntiForgeryToken()
    @Html.TextBoxFor(m => m.Name)<br />
    @Html.TextBoxFor(m => m.FullName)<br />
    <br />
    <input type="submit" value="Test" />
}
...

Continue reading “ASP.NET Anti-Forgery Tokens internals”

ASP.NET Anti-Forgery Tokens internals