After not finding a good resoure online and having to ask a colleague here is what he has told me to do:
Start the app in the browser. Instead of the app content Chrome displays a security warning “Your connection is not private”
Click on the “Not secure” field
Click on certificate
Select the “Details” tab
Click on “copy to file” button. The wizard opens
Safe certificate as a file (go with the defaults)
Use the default format and save to a file of your choice.
Open the saved certificate file with doubleclick
Go with “Current User” and click next.
Add certificate to the windows certificate store. Make sure to select “Trusted Root Certification Authorities”. (Disclaimer: I don’t really like to add dev certificates to that store because they are definitely not CA Authorities, but the other stores do not seem to work. If you find a better way feel free to send me an email or Twitter message)
Finish the installation
Confirm security warning with yes. (like I said above. Please tell me if you have a better solution)
Restart Chrome and try again.
Chrome should be happy now, show the lock-symbol instead of the warning and load your application!
I just had an issue with a deployed ASP.NET app on Azure: I changed the connection string in the deployed web.config using the new App Service Editor in the Azure Portal, but the changes had no effect in my application!
This answer from StackOverflow gave me the hint I needed: My connection string was being overridden by an Application Setting in the Azure App Service. I didn’t even know that it was configured.
To see if you have a connection string defined in your Azure App service log into the Azure Portal, open your App Service and go to Settings -> Application Settings -> Connection strings.
Delete the connection string in the Azure application settings. Now you can change the connection string in the web.config using the App Service Editor, for example.
Use the Azure application settings to manage your connection strings. The values defined here will always override the connection strings from your web.config.
If I want to display a PDF file in the browser instead of downloading a copy, I can tell the browser via an additional Content-Disposition response header.
This code example assumes that the file content is available as byte-array, reading the content from a database, for example.
// Get action method that tries to show a PDF file in the browser (inline)
public ActionResult ShowPdfInBrowser()
byte pdfContent = CodeThatRetrievesMyFilesContent();
if (pdfContent == null)
var contentDispositionHeader = new System.Net.Mime.ContentDisposition
Inline = true,
FileName = "someFilename.pdf"
return File(pdfContent, System.Net.Mime.MediaTypeNames.Application.Pdf);
Please keep in mind that ultimately we don’t have control over the browser. We can politely request to show the PDF inline, but this can be overridden by a user configuration, for example.
A video tutorial based on my learnings of ASP.NET MVC 5, ASP.NET Identity, SQL Server and Azure.
Summary: I will show you how to create a very simple web application with user authentication. Users can register, log in, create diary entries (text) and visualize their entries.
In part one we will create, test and refactor the application locally on our computer. Although the app is very simple we will touch a lot of different technologies. You will also see some issues you may experience when starting with ASP.NET MVC in Visual Studio and how to fix them.
In part two we will publish our app to the cloud (Azure). Please subscribe to get notified when part two is finished.
ASP.NET Identity ApplicationUser and ApplicationDbContext overview
ASP.NET Identity tables
Extend DiaryEntry model class for usage in DbContext
Create foreign key property and navigation properties (Entity Framework)
Add new DiaryEntry table to DbContext
Create new model class from viewmodel
Use Entity Framework to insert into DiaryEntries table
Show result of data-model change: “Server Error in Application. The model backing the ‘ApplicationDbContext” context has changed since the database was created. Consider using Code First Migrations to update the database”
Your global authentication-default is “requires authentication”. You create a new action method on a controller that should be accessible without authentication and forget to add the [AllowAnonymous] attribute.
Resultingissue: You try your application, can’t enter that new page and fix it. In the worst case you didn’t do your homework and a customer/user finds the bug and complains to you.
Which issue would you rather have to deal with?
I personally prefer the whitelisting approach and err on the side of caution.