Software Developer, Technology Enthusiast, Husband and Dad based in Melbourne.

ASP.NET

Simple 301 Redirect for ASP.NET

A 301 Redirect is a way of sending search engines and user traffic to a specific? URL ,? also telling the search engines to do a permanently move on? that URL.

Implementing 301 redirect in ASP.NET Webforms or ASP.NET MVC; Simply use the Application_BeginRequest event in Global.asax. Then retrieve the URL from the Web.Config file or a Repository.

protected void Application_BeginRequest(Object sender, EventArgs e)
{
string path = "";
switch (Request.Url.Scheme)
{

case "https":
Response.AddHeader("Strict-Transport-Security", "max-age=300");
break;
case "http":
    if (Request.Url.PathAndQuery == "/")
     {

    path = "https://" + WebUtils.WebConfigUtils.GetAppSettingskey("SiteURL") + "/";

    }
else
    {
     path = "https://" + WebUtils.WebConfigUtils.GetAppSettingskey("SiteURL") + "/" + Request.Url.PathAndQuery;

    }
    Response.Status = "301 Moved Permanently";
    Response.AddHeader("Location", path);
    break;
   }
}

  • When a URL request for an http is made, the switch statement responses by inserting a 301 Moved Permanently and the new location path into the HTTP header .
  • Store the SiteURL in the Web.Config or a Repository.
  • When a URL request for an https is made,the switch statement responses by in inserting Strict-Transport-Security telling the browser to prevent any communications from being sent for HTTP.

Test this function locally in your development environment use IIS Express SSL option.?

References

301 Moved Permanently
http://moz.com/learn/seo/redirection

HTTP Strict Transport Security
https://www.owasp.org/index.php/HTTP_Strict_Transport_Security

Global.asax
http://msdn.microsoft.com/en-us/library/1xaas8a2%28v=vs.71%29.aspx

NovusCodeLibrary.NET – Utilities Library for .NET
https://github.com/novuslogic/NovuscodeLibrary.NET

Working with SSL at Development Time is easier with IISExpress
Working with SSL at Development Time is easier with IISExpress

Using LESS.JS and ASP.NET MVC 4

Using LESS.JS with ASP.NET MVC 4 is a great for extending the behaviour of CSS with variables, operations and functions.

There are two ways to use LESS with CSS and ASP.NET MVC 4 either dotlesscss or LESSCSS.JS for this post I will be focusing on LESSCSS.JS because dotlesscss doesn’t support all features of LESS.JS.

IIS

A ?.less? MIME Type must be registered with IIS at the command line with in the IIS directory e.g C:\Program Files (x86)\IIS Express:

appcmd set config /section:staticContent /+[fileExtension='.less',mimeType='text/css']

web.config

Next add the mine type to the web.config of the ASP.NET MVC 4 project:

<system.webServer> 
    <staticContent> 
       <mimeMap fileExtension=".less" mimeType="text/css" /> 
   </staticContent >  
</system.webServer>

Razor Page

Add ?.less? files before the less.min.js to avoid namespace issues and always add the ?less.js? last of your ?.less? files.

<head> 
    <link rel="stylesheet/less" type="text/css" href="@Href("~/Content/theme.less")" /> 
    <script src="@Href("/scripts/less.min.js")"></script> 
</head> 

Links

LESS CSS JS
http://lesscss.org/

dotlesscss
http://www.dotlesscss.org/

Add a MIME Type
http://technet.microsoft.com/en-au/library/cc725608%28v=ws.10%29.aspx

Encrypting ASP.NET appSettings Web.Config File

It is recommended to encrypt the AppSettings key in the ASP.NET Web.Config file for security reason. The simplest method is using aspnet_regiis.exe command-line utility; this command-line utility is available from .NET 2 Framework or higher, for this blog I will be using .NET Framework 4.0.

aspnet_regiis.exe

The location of aspnet_regiis.exe command-line utility is:
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

Encryption

To encrypt the appSettings key at the command-line:

C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe ?pef appSettings “c:\project\directory” -prov “DataProtectionConfigurationProvider”

  1. Specify the full path to aspnet_regiis.exe command-line utility
  2. Use -pef appSettings to set the appSettings key
  3. Use -prov “DataProtectionConfigurationProvider”

.NET Framework 4.0 has two built-in providers for encrypting the appSettings key in ASP.NET Web.Config file:

  • DataProtectionConfigurationProvider Windows data protection API (DPAPI)
  • RSAProtectedConfigurationProvider RSA encryption

The simplest provider to use is the DataProtectionConfigurationProvider, there are no RSA keys to be created and setup, with the DataProtectionConfigurationProvider it’s server -specific.

When copying the Web.Config file from your development environment, encrypt the appSettings key on the server using DataProtectionConfigurationProvider provider otherwise the appSettings key will not be decrypted correctly.

The RSAProtectedConfigurationProvider RSA encryption, the RSA keys can be copied from development environment to server without change.

Decryption

To decrypt the appSettings key at the command-line:

C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pdf appSettings “c:\project\directory ”

  1. Specify the full path to aspnet_regiis.exe command-line utility
  2. Use ?pdf appSettings to set the appSettings key

C# Example reading appSettings Key

With this example the appSettings key is read and decrypted automatically:

using System.Configuration;
using System.Web.Configuration;

private void EncryptAppSettings()        {
           Configuration objConfig = WebConfigurationManager.OpenWebConfiguration(
                  Request.ApplicationPath);
           AppSettingsSection objAppsettings =
            (AppSettingsSection)objConfig.GetSection("appSettings");
          if (!objAppsettings.SectionInformation.IsProtected)
            {
            objAppsettings.SectionInformation.ProtectSection
                            ("DataProtectionConfigurationProvider");
                  objAppsettings.SectionInformation.ForceSave = true;
                 objConfig.Save(ConfigurationSaveMode.Modified);
            }
        }

Links

ASP.NET IIS Registration Tool (Aspnet_regiis.exe)
http://msdn.microsoft.com/en-us/library/k6h9cz8h%28v=vs.100%29.aspx

How To: Encrypt Configuration Sections in ASP.NET 2.0 Using DPAPI
http://msdn.microsoft.com/en-us/library/ff647398.aspx

How To: Encrypt Configuration Sections in ASP.NET 2.0 Using RSA
http://msdn.microsoft.com/en-us/library/ms998283.aspx

DpapiProtectedConfigurationProvider Class
http://msdn.microsoft.com/en-us/library/system.configuration.dpapiprotectedconfigurationprovider%28v=vs.100%29.aspx

RsaProtectedConfigurationProvider Class
http://msdn.microsoft.com/en-us/library/system.configuration.rsaprotectedconfigurationprovider%28v=vs.100%29.aspx