Keep your eyes healthy

Staring at our screen all day long can take a toll on our eyes:

I was forced to wear glasses a few years ago, for which I blame my screen time. Since then I have been more conscious about the health of my “biological data interface” (eyes) and just got myself computer glasses with a blue filter, although I am not sure if they are necessary. The information available on the web is contradictory, but I have an acquaintance who fixed her problem of getting tired with computer glasses.

What DID convince me though is this free tool for Windows users: EyeLeo. It will ask me every now and then to exercise my eyes. Together with the Tomighty Pomodoro timer I get the frequent breaks I need to finish my work days without my eyes hurting.

Configure FTP account to download Azure diagnostics logs

If you just published your web app to Azure with Visual Studio, you probably won’t have an FTP account configured in your App Service. I just want to share how to set one up so that you can download logs via FTP.

If you go to “MONITORING -> Diagnostics logs” in your App Service, you should see the text “No FTP/deployment user set” in the field “FTP/deployment username”:

Diagnostics logs download configuration

Use the page “DEPLOYMENT -> Deployment credentials” to set up a new FTP user:

Deployment credentials configuration

If you go back to “Diagnostics logs”, you will see the FTP/deployment username you can use to access the logs with the FTP client of your choice (on Windows I like to use WinSCP):

Diagnostics logs download configuration (updated)

Important: You have to use the full FTP username shown on the “Diagnostics logs” page, consisting of the App Service name, a backslash, and the FTP username:

AppServiceName\FTPUser

Hint: Avoid plain FTP, which sends your username, password and log contents unencrypted, and use FTPS instead to protect your credentials and data.
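An added example (not code from the original post) of the FTPS download the hint recommends, using Python's ftplib with certificate verification and an encrypted data channel. The host name, the /LogFiles folder and the helper names are assumptions; take the real host and username from the “Diagnostics logs” page.

```python
import ftplib
import ssl
from pathlib import Path, PurePosixPath


def full_ftp_username(app_service_name: str, ftp_user: str) -> str:
    """Return the login name in the portal's form: AppServiceName\\FTPUser."""
    if not app_service_name or not ftp_user:
        raise ValueError("App Service name and FTP user are both required")
    if "\\" in ftp_user:
        # Already qualified: accept it only if it names this App Service.
        if ftp_user.partition("\\")[0].lower() != app_service_name.lower():
            raise ValueError("username is qualified for a different App Service")
        return ftp_user
    return f"{app_service_name}\\{ftp_user}"


def safe_local_path(dest_dir: Path, remote_name: str) -> Path:
    """Keep a server-supplied file name inside dest_dir (no path traversal)."""
    name = PurePosixPath(remote_name.replace("\\", "/")).name
    if name in ("", ".", ".."):
        raise ValueError(f"unusable remote file name: {remote_name!r}")
    return dest_dir / name


def download_logs(host, app_service_name, ftp_user, password,
                  remote_dir="/LogFiles", dest_dir=Path("logs")):
    """Download the files directly under remote_dir over explicit FTPS.

    remote_dir defaults to /LogFiles, which is an assumption of this example.
    """
    context = ssl.create_default_context()  # verifies certificate and host name
    dest_dir.mkdir(parents=True, exist_ok=True)
    saved = []
    with ftplib.FTP_TLS(host, context=context, timeout=30) as ftps:
        # login() negotiates TLS on the control channel before sending the
        # credentials; plain ftplib.FTP would send them in clear text.
        ftps.login(full_ftp_username(app_service_name, ftp_user), password)
        ftps.prot_p()  # also encrypt the data channel (listings and files)
        ftps.cwd(remote_dir)
        for name in ftps.nlst():
            target = safe_local_path(dest_dir, name)
            try:
                with open(target, "wb") as fh:
                    ftps.retrbinary(f"RETR {name}", fh.write)
            except ftplib.error_perm:
                # RETR refused, for example because the entry is a directory
                target.unlink(missing_ok=True)
                continue
            saved.append(target)
    return saved
```

Pass the password from a secret store or an interactive prompt such as `getpass.getpass()` rather than hard-coding it in a script.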

 

Azure App Service: View and Edit the deployed web.config with Kudu

We can use the Azure Portal and Kudu to view and edit the web.config of our deployed app in the App Service:

  • Open the App Service you want in the Azure web portal.
  • Go to “DEVELOPMENT TOOLS” -> “Advanced Tools” and click on the “Go ->” link.

  • Above the console, use the file explorer to navigate to the “site/wwwroot” folder.

  • Scroll down and click the pencil icon to open the file.

  • You should see the file content in the editor:

Be careful: saved changes take effect immediately, so you should know exactly what you are doing when working on a production system!

Security resources for .NET web applications

A collection of web app security links with focus on ASP.NET:

OWASP – The Open Web Application Security Project is a worldwide community of professionals interested in security and a good starting point for securing your web apps. Some of the topics: Vulnerability, .NET Project, Cheat sheets, .NET Security Cheat Sheet, Top 10 security risks. Troy Hunt has some great Pluralsight courses about the Top 10 issues.

Top 10 Common Web Attacks from vpnMentor. Good summary of the OWASP Top 10 – 2017 edition. A good place to start (thanks to Qusai for the tip).

ASP.NET MVC Guidance: Security, Authentication and Authorization (ASP.NET site)

Security, Authentication, and Authorization in ASP.NET Web API (MS Docs)

ASP.NET Identity – Current MS stack for authentication and authorization in ASP.NET. Check the articles on security and especially the one on deployment, passwords and the cloud.

Troy Hunt – MS MVP, blogger and security expert. I really like his stuff. Take the list of topics of his Hack Yourself First workshop as inspiration, check out his Pluralsight courses and sign up for his newsletter. I love one of his recent posts, Passwords Evolved: Authentication Guidance for the Modern Era.

Ten Immutable Laws Of Security (Version 2.0) – Security philosophy 101 from Microsoft. Makes you think.

.NET Blog – General and security-related information.

My own blog entries about security.