Software And Architecture

Securing Applications with ASP.NET Core OWIN Middleware Against Payload Attacks Introduction:  Cybersecurity is a crucial aspect of modern application development. One area of concern is preventing attacks that exploit vulnerabilities in request payloads. This article explores how to use ASP.NET Core OWIN middleware to enhance the security of your applications by addressing payload-based attacks. Vulnerability:  Payload Attacks Payload attacks involve sending malicious data in the request payload to exploit vulnerabilities. These attacks can lead to various security breaches, including data exposure, injection attacks, and remote code execution. Using OWIN Middleware:  ASP.NET Core provides the OWIN (Open Web Interface for .NET) middleware pipeline, which can be customized to intercept and process requests before they reach the application's core logic. This provides an opportunity to implement security measures. Sample Code Implementing Payload Inspection Middleware: Here'

Recently on encountering a issue where in the images / CSS / js and others being rendered with status as 200 (OK). But when looked in the browser, the content was not displayed. The static modules were enabled in windows features along with the MIME type mapping. Finally, when checking in the IIS Server, it was found that the Static module was missing in the handler registration. Updating that fixed the issue.

When an application is deployed in the server and if it throws the could not load library exception, we can enable the x86 support in application pool. In case any assembly was built targeting the x86 platform, this would be the right fix to make the site available. However, it is strongly advised not to target specific platform unless a firm reason be found.

In order to debug the application that is run in IIS Express in visual studio, following are the steps 1. Run the application /s in IIS express configured in visual studio 2. In the system tray or task bar near by the system clock, IIS express icon will be shown. Click on it and click on "show all application" 3. All the application hosted in IIS express will be shown along with the corresponding process ids. 4. In visual studio, go to Tools > Attach to process > in the processes, order by the process I'd and choose the correct process I'd to debug the application. 5. If the process is not listed there, pick on the "show process from all user account" check box in the bottom left corner of the window. 6. Leave a break point in the source and that's it. Hope this helps.

The following code snippet can be used to run the IIS Express [8.0] in my case to be run from the command line. The parameters are the path to the main directory, the target libraries [dll's] should be in a folder  called as “bin” inside this given path for the IIS to pick up and run. The other parameter is the “port” which specifies which port should IIS Express listen for the incoming request. It also logs in the requests and the response status etc in the command line. Sample : c:\Program Files\IIS Express>iisexpress.exe /path:”C:\Users\Saravanan\Documents\Visual Studio 2012\Projects\console_app_in_iis\console_app_in_iis” /port:8089

The following bug is encountered when running a webservice on a newly installed windows machine with new IIS [7] Bug: [NullReferenceException: Object reference not set to an instance of an object.] System.Web.Security.RoleManagerModule.OnEnter(Object source, EventArgs eventArgs) +313 System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +102 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75 Solution : Go to Control Panel > Turn on or off windows features > roles > ASP.NET > if not installed, click on the Add Role Features > select ASP.NET > Finish Installation and restart website / webservice.