JP Hellemons Building E-commerce web applications

This is de default of BlogEngine 2.7: <?xml version="1.0"?> <configuration> <system.web> <httpRuntime enableVersionHeader="false" useFullyQualifiedRedirectUrl="true" maxRequestLength="16384" executionTimeout="3600" requestLengthDiskThreshold="16384" requestValidationMode="2.0"/> <pages enableSessionState="false" enableViewStateMac="true" enableEventValidation="true" controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID"> ... </pages> </system.web> </configuration> And I have used these settings for quite a while. But my application pool keeps crashing after about a week. I have enabled elmah logging <elmah> <errorLog type="Elmah.XmlFileErrorLog, Elmah" logPath="~/elmahErrors" /> </elmah> This enabled me to have a better look at what was causing the crashes. Because the elmah page is of course unavailable when BE crashes. The log had several error’s the two most common ones where: A potentially dangerous Request.Path value was detected from the client Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster. I have now added: validateRequest="true" to my pages section in the web.config and have added: requestPathInvalidCharacters="" to the httpRuntime section and my error logging feature stays empty and the BlogEngine application returns a nice 404 when trying some querystring injection and/or XSS attacks. So this will fix all the thrown exceptions and keeps my application pool from automatically shutting down. I have found this on StackOverflow http://stackoverflow.com/a/6026291/169714 but turning off the validateRequest seems like a bad idea. Good luck with BlogEngine!

BlogEngine recently released version 2.6 (May the 14th). My blog was running 2.5 from 27th of July 2011. So it was time to update. The 2.6 new feature list has several great things on it, but a lot of features are for the administration dashboard. I use Windows Live Writer to prepare and publish posts. So I only use the dashboard to manage comments and sometimes settings. So the main reason for me to upgrade, is for all the minor bug fixes and improvements and the JavaScript and cascading style sheet minification and bundling which is available from Asp.Net 4 and above. Scott Guthrie has written about Bundling and Minification Support in November 2011. There is a good upgrade guide available online which I used, but since the upgrade path might differ from user to user, I have decided to blog mine: First of all: know your blogs storage method, mine is XML. I know because I have not configured any database in a web.config file. So here are my steps: 1. Backup current BlogEngine 2.5 installation by FTP it to a local folder 2. Download BlogEngine 2.6 (web install) 3. I have compared web.config of 2.5 to 2.6 with Beyond Compare I installed the trial version of #beyondCompare and really like it! thanks@ScooterSoftware for making my new fav #diff-tool — JP Hellemons (@JPHellemons) April 25, 2012 4. Delete everything from FTP web root, except `googleverification.html`, my nibbler html (to claim my website ownership) and robot.txt and dotnettechy.html except app_data 5. upload everything from 2.6 except app_data content 6. upload themes/jphellemons folder 7. upload widgets - buy me a beer, cumulus, syndication, tagcanvas, twitterfeed twitterfeed missed some .cs files in app_code 8. upload pictures and custom favicon blogengine.ico, android market button, 9. upload socialbe folder and I tested it… but it didn’t work. Seems to have lost everything, admin login didn't work. requesting password. no e-mail received. 10. downloaded logger.txt from app_data folder, spotted that SMTP does not work out of the box on this webhost. So I had to modify the web.config so that asp.net can send mails with the web.config settings. I used this blogpost as reference: http://dotnetblogengine.net/post/The-Next-Chapter-of-BlogEngineNET-Version-26.aspx And I tried to open my upgraded blog again and noticed that twitterfeed widget had some .cs classes that required a manual upload in the App_Code folder. So now I am running version 2.6 of BlogEngine.Net Good luck upgrading!

For this small article, I assume that you have an Asp.Net web application running on IIS and that you have setup your SSL certificate. So navigating to https://www.yoursite.com works. This blog post will explain how to redirect all http traffic to https in several easy steps. 1. Get the Web Platform Installer (it’s free!) from Microsoft  http://www.microsoft.com/downloads/en/details.aspx?FamilyID=32b0dfe5-f139-4e1c-b412-3da39f50bbf9  2. After you have opened the WebPI (Web Platform Installer) search for: Rewrite 3. Install the component! More...