Friday, March 16, 2012

Mass assignment vulnerability references

I am a fan of ASP.NET MVC. I am also a fan of security. The two posts below combine those interests by describing how to mitigate mass assignment vulnerabilities. I am posting these so that my team can refer to them in future if needed.

Here's a bonus link. I can never remember this syntax: How to join two collections with LINQ

Monday, March 12, 2012

Remove web transform files

Today I am sharing the process that I used to remove web.config transforms after a build. I wish that I could claim that I was able to implement this in a knowledge vacuum, but I had some help. As you can see, all I am doing is creating a list of all files not named web.config and then deleting them.

  <!-- Runs after the build when the MvcBuildViews property is true. -->
  <Target Name="MvcBuildViews" AfterTargets="AfterBuild" Condition="'$(MvcBuildViews)'=='true'">
    <ItemGroup>
      <!-- Collect the Web.*.config transform files in the published site folder; Web.config itself is excluded. -->
      <DeleteAfterTransform Include="$(OutDir)_PublishedWebsites\$(TargetName)\Web.*.config" Exclude="$(OutDir)\_PublishedWebsites\$(TargetName)\Web.config" />
    </ItemGroup>
    <AspNetCompiler VirtualPath="temp" PhysicalPath="$(WebProjectOutputDir)" />
    <Message Text="WebProjectOutputDir: $(WebProjectOutputDir)" Importance="low" />
    <Message Text="OutDir: $(OutDir)" Importance="low" />
    <Message Text="TargetName: $(TargetName)" Importance="low" />
    <Message Text="ProjectConfigTransformFileName: $(ProjectConfigTransformFileName)" Importance="low" />
    <!-- Apply the transform named by $(ProjectConfigTransformFileName) to Web.config and write the result into the published site folder. -->
    <TransformXml Source="Web.config" Transform="$(ProjectConfigTransformFileName)" Destination="$(OutDir)\_PublishedWebsites\$(TargetName)\Web.config" />
    <Message Text="Preparing to remove config transform files." />
    <Message Text="Files: @(DeleteAfterTransform)" />
    <!-- Delete the collected transform files and record which files were actually removed. -->
    <Delete Files="@(DeleteAfterTransform)">
      <Output TaskParameter="DeletedFiles" PropertyName="deleted" />
    </Delete>
    <Message Text="Deleted Files: $(deleted)" />
  </Target>
I hope that you find this post useful.
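
A follow-up check for the same project file, added here as an example and not part of the original post: it fails the build if the transformed Web.config is missing or if any Web.*.config file is still in the published site, so the cleanup cannot silently stop working. The names VerifyNoConfigTransforms, PublishedSiteDir and LeftoverTransform are hypothetical, and the recursive `**` search goes beyond the single folder that the target above cleans.

```xml
  <!-- Added example: VerifyNoConfigTransforms, PublishedSiteDir and LeftoverTransform are hypothetical names. -->
  <!-- Hooks in after the MvcBuildViews target above and uses the same condition. -->
  <Target Name="VerifyNoConfigTransforms" AfterTargets="MvcBuildViews" Condition="'$(MvcBuildViews)'=='true'">
    <PropertyGroup>
      <!-- The published site folder that the target above writes to and cleans. -->
      <PublishedSiteDir>$(OutDir)_PublishedWebsites\$(TargetName)\</PublishedSiteDir>
    </PropertyGroup>
    <ItemGroup>
      <!-- The wildcard is expanded when this target runs, that is, after the Delete task. -->
      <!-- ** also matches transform files that ended up in subfolders of the site. -->
      <LeftoverTransform Include="$(PublishedSiteDir)**\Web.*.config" />
    </ItemGroup>
    <!-- The transformed Web.config must exist, otherwise the site was published without its configuration. -->
    <Error Condition="!Exists('$(PublishedSiteDir)Web.config')"
           Text="Transformed Web.config not found in $(PublishedSiteDir)." />
    <!-- Any remaining Web.*.config file means the cleanup did not remove everything. -->
    <Error Condition="'@(LeftoverTransform)' != ''"
           Text="Config transform files still present in published output: @(LeftoverTransform)" />
    <Message Text="No config transform files remain under $(PublishedSiteDir)." />
  </Target>
```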