Tallan's Technology Blog

Tallan's Top Technologists Share Their Thoughts on Today's Technology Challenges

Posts Tagged "ASP.NET"

Applying new NIST standard to Asp.Net Pt. 1 (PBKDF2, SHA256, Password content)

Jeremy Mill

Most developers know that you should never store passwords in plain text, and know that they should be hashed. Only slightly fewer know that they should be stored utilizing a “salt” to append to the password to prevent time trade-off attacks (1). Fewer know what hash function they should use, and it seems lately, the majority don’t know that they shouldn’t just be salting and hashing at all, and instead should be using a key derivation function such as PBKDF2, or scrypt. We will be exploring utilizing PBKDF2, but scrypt is a perfectly viable option. The current draft of the new NIST guidelines says (2):
Verifiers SHALL store memorized secrets in a form that is resistant to offline attacks. Secrets SHALL be hashed with a salt value using an approved hash function such as PBKDF2 as described in [SP800-132]. The salt…

Global Action Filters in ASP.NET MVC 3

Action Filters are a great way to handle cross-cutting concerns in ASP.NET MVC such as Logging, ExceptionHandling, etc.  In previous versions of MVC3, action filters have to be explicitly added to each controller.
MVC3 adds the concept of Global Action Filters which allow you to apply action filters globally without the need for explicit declaration.  In this example, we’ll demonstrate how to add a debug action filter attribute that shows debug information for each view using Global Action Filters.

Code Snippet

/// <summary>
    /// Displays the elapsed time and environment for each executed action in the HTTP Response Stream.
    /// </summary>
    public class DebugInfoAttribute : ActionFilterAttribute
        readonly Stopwatch _startWatch = new Stopwatch();
        private static string _outputFormat = “<h4>Debug Environment Info</h4><div class=\”debuginfo\”><table><tr><td>Web Server:</td><td>{0}</td></tr><tr><td>Browser:</td><td>{1}</td></tr><tr><td>Controller</td><td>{3}</td></tr><tr><td>Action:</td><td>{4}</td></tr><tr><td>Execution Time(ms):</td><td>{5}</td></tr></table></div>”;
        public override void OnActionExecuting(ActionExecutingContext filterContext)

        public override void OnResultExecuted(ResultExecutedContext filterContext)
            var browser = filterContext.HttpContext.Request.Browser;
                                                                   String.Format(“{0} ({1})”,browser.Browser,browser.Version),


This action filter uses the StopWatch object to clock how long the action took…

A Brief Introduction to Error Logging Modules And Handlers (ELMAH)

Micael George

ELMAH is an open source project used to add error logging capabilities to an ASP.NET Web application. ELMAH essentially provides a means for logging and reporting unhandled exceptions in applications. I came across this very nifty tool while working with the MASS LEG team to create the Legislative Automated Workflow System (LAWS) application for the Massachusetts Legislature. We used ELMAH to uncover issues in the application that were producing unhandled and non-descriptive exceptions.  Using ELMAH, the dev team was able to use the stack trace of the exception to pinpoint and fix the problem. The following provides a brief description of how to set up ELMAH and enable & configure its error logging.
Setting Up
There are only a few steps to setting-up ELMAH. The first thing that should be done is to get the latest release of ELMAH and adding the…