Role Based Access Control in ASP.NET MVC

In this post, Premier Developer consultant Lizet Pena De Sola explains Role Based Access Control in ASP.NET MVC. Role Based Access Control in MVC is pretty straightforward. There is also a way to do claims access control, but the most common way is based on roles. To show or hide action links in a view depending…


HTTP Secure, Part II. Is Diffie-Hellman always used in the HTTPS key exchange?

In this post, Premier Developer consultant Lizet Pena De Sola explains Diffie-Hellman in the HTTPS key exchange. I got a question right after I had spent a week in training classes for the CompTIA Security+ exam: to describe how HTTP Secure (HTTPS) modifies the HTTP traffic between a client browser and the server. At the end of my explanation,…


Claims augmentation with OWIN but outside of Startup code

This post on authentication and authorization is from Premier Developer consultant Marius Rochon. The claims list included in the ClaimsPrincipal usually originates from the security token received by the application as part of user authentication (SAML, OpenIDConnect id token) or access authorization (OAuth2 bearer access token). However, sometimes there is a need to modify that list…


Should you obfuscate your Xamarin app?

This blog on securing your source code is from Premier Developer consultant Bill Reiss. I saw a question recently about how to protect code in a Xamarin app package. I feel the first question is whether you need to, and not how to do it. The reality is that you can never completely protect your…


Hardening your web server’s SSL/TLS ciphers

In this post, Senior Application Development Manager, Anand Shukla shares some tips to harden your web server’s SSL/TLS ciphers. I recently worked with a customer who had security requirements to disable the weak RC4 ciphers from their Windows 2008 and Windows 2003 servers. The process is a little different for Windows 2008 R2 servers and…


Microsoft Security Risk Detection

In this post, Application Development Managers, Mike Batongbacal and Syed Medhi, introduce the Microsoft Security Risk Detection service formerly known as Project Springfield. Software Security is a Business Imperative. In today’s world, the threat of security breaches in computer networks and business software is an all too real possibility. More than ever before, businesses are…


Protecting Secrets using VSTS and Azure Key Vault

In his latest blog post, Premier Developer consultant Najib Zarrari discusses one approach to protecting sensitive information in your application by using VSTS and Azure Key Vault. If you are building a modern application and are following modern design principles, there is a good chance your application is composed of a number of layers and…


ASP.Net Session Swapping – Why it happens and what can be done about it?

In this post, Senior Application Development Manager, Sanket Bakshi explains details behind the sometimes perplexing issue of Session Swapping and how to avoid it. Kernel Cache is a powerful and well-known feature introduced in IIS 7 and found in all later versions. It’s the highly performant server-level cache that very efficiently delivers frequently used…


Passive is good!

Here’s a quick read from Premier Developer consultant Marius Rochon’s blog.  In it, Marius gives some great reasons to leverage passive authentication protocols in your applications rather than writing your own code to handle credentials. Some time back I wrote about avoiding handling of credentials (creation/maintenance/verification of user names, passwords, pins, etc.) in your own…


Microsoft Cloud: Migrating Workloads and Security Planning

In this blog post, Application Development Manager, Lalit Patel, shares examples of customers working with Premier to overcome migration concerns and build confidence while moving workloads to the cloud. Cloud Adoption is underway as more organizations look for opportunities to optimize spending and reduce the operational cost associated with traditional on-premises IT infrastructure assets….