Entries for 2017

August 03, 2017

DNN Upgrades & Security Roundup August 2017

It is hard to believe that it has been a month already since my last post about DNN/Evoq Security. A lot has transpired since that last release. Some additional security releases and patches have come out. In the end, we are at a time where I believe we are past the storm, but I thought it would be good to revisit the recommended actions for users. (For those non-DNN/Evoq followers of this blog, hang tight, next week will be the start of lots of fun Entity Framework, .NET Core and similar content!)

June 30, 2017

June 2017 DNN/Evoq and Module Security Summary

The past week has been a bit hectic in the DotNetNuke/Evoq space. Four confirmed security vulnerabilities were identified that could impact existing installations, one last week and three this week. Sadly, many sites have already been exploited by these vulnerabilities, adding a bit more urgency to the situation. Although many people are aware of the situation we have found that not everyone knows what is going on, so we thought it would be prudent to share what we know about the situation. This information is being shared both on Mitchel's Technical Blog as well as our corporate website.

May 23, 2017

Creating Effective, Repeatable, & Usable Code Demos

Over the years I have given more than 350 talks at various conferences, code camps, user groups, and other events. There are two things that I have always been very cautious about; demonstrations requiring an internet connection and those that require "live coding." Solutions for internet connectivity are relatively straightforward. I have historically tried many things to work through the "live coding" issues as well. But until recently I hadn't stumbled across the "right" solution. I think I might have the solution now!.

May 10, 2017

Updated ASP.NET Core 2.0 & Full .NET Framework

This week is the week of Microsoft's BUILD developer conference where lots of new announcements are typically made. Yesterday it was revealed that the next version of ASP.NET Core, version 2.0, will no longer support running on the full, existing .NET Framework. (.NET 4.7 for example). There has been a lot of various feedback on this topic, and I thought I'd chime in a bit with my opinion as well, as with all posts I welcome conversation and alternative viewpoints in the comments.

May 10, 2017

Adding WebApi & OAuth Authentication to an Existing Project

There are many tutorials out there that discuss the ease of setting up a new project, and checking all of the magic boxes to add Identity, WebApi controllers, and more. However while these may be helpful, in the real world situations are often not as simple. We might have existing projects that at the start didn’t need WebAPI - or maybe we used WebApi controllers in our code - but all in all, we didn’t get the proper security architecture in place.

In this post, we will walk through how to enhance an existing project to be able to create WebApi controllers and properly secure them using OAuth.

April 27, 2017

Publishing ASP.NET Core Applications to Azure Action Pack Hosting

The more I work with ASP.NET Core, the more I love the new way of doing things. We have far better language features to help make life easier, however, with all good, there is some bad. Compilation and deployment are something that still is just a bit more complicated than it should be. In the past few weeks, I've been working on getting a practical, full featured application deployed under ASP.NET Core. One of the hardest parts was getting the application published to my hosting environment. Everything would run locally just fine, but for one reason or another, I would not be able to get things working as expected on the hosting provider. Compile & Publish would finish in my automated environment without error, yet files were missing. Finally, I managed to figure out what was going wrong, so I thought I'd share.  

March 09, 2017

FireFox and Insecure Password Notifications

Passwords are something we talk about as developers a lot when working with custom systems. We talk about the logistics of how to reset them, how to store them, and related back-end options. It is often simply assumed that we will be using SSL when we submit these passwords to our websites. This assumption, however, is often a big oversight and exposes a potential point of risk to websites. I'm blogging about this today, because FireFox, starting with Version 52 introduces a feature that calls all of us developers on any oversight in this situation.

February 24, 2017

Take Control of Code Coverage Analysis with Exclusions

As developers Unit Testing makes our jobs easier, we have consistent tests to validate our work, change management becomes easier, and we can prove the functionality remains the same. In collaboration with various companies, however, I find that often the tooling gets in the way of developers understanding exactly how much of their important code is covered by unit tests. Visual Studio provides unit test coverage tools for reporting, yet often the tool ends up discouraging users due to a lower than expected rate of coverage. In this post, we will investigate a few common areas that can impact your unit test coverage, and how to prevent certain items from changing the reported coverage percentage.

January 30, 2017

Finding Performance Settings in DNN 9.x

With the recent release of DNN Platform version 9.0.0 & 9.0.1 I have been an increase in the requests for updates to my prior guides on locating the important performance settings since everything has moved to different locations. A major overhaul of my Performance Whitepaper is underway, however, I wanted to take a little bit of time to run through key settings for those new to 9.x. Consider this a high-level walkthrough of key concern areas.

January 25, 2017

Using Entity Framework with Legacy Databases

I find more people are interested in getting started with Entity Framework within their organizations. However, the various documentation and examples that exist don't necessarily give the best overall implementation solutions. I have worked with many people that have thought "we have a legacy database setup, we can't use entity framework" or "we cannot use migrations, so we can't use code first." Both are very common misconceptions, but something that isn't the case. It just takes a bit of work. In this post, we will dive into the specifics of implementing Entity Framework to a legacy database, where we cannot rename tables and other objects without substantial effort. A link to full code will be provided at the bottom.

January 24, 2017

Development Tools: NDepend & Quality

I often get asked which tools I use for development or reviewing of existing codebases. This question is often hard to answer directly, as every situation is a bit different. However, I thought it would be worth trying to revisit the tooling topics to help others possibly improve their environments by knowing the tools I find helpful. This post will be the first of a limited number of occasional posts on tooling. With the primary focus of my topics still being with ASP.NET, MVC, and performance. If you find these helpful, though, I'd love to get some feedback.

Content provided in this blog is provided "AS-IS" and the information should be used at your own discretion.  The thoughts and opinions expressed are the personal thoughts of Mitchel Sellers and do not reflect the opinions of his employer.

Content Copyright

Content in this blog is copyright protected.  Re-publishing on other websites is allowed as long as proper credit and backlink to the article is provided.  Any other re-publishing or distribution of this content is prohibited without written permission from Mitchel Sellers.