In years past building Visual Studio Extensions have often been considered the realm of the big boys. Staff working at Jetbrains or the Microsoft employees of the world. Last year I saw a talk given by Mads Kristensen aimed at taking away some of this stigma and showing how easy the guys at Microsoft have tried to make it for developers like you and me to just up and write extensions. I’ve been wanting to build one ever since, but haven’t had a good enough excuse to jump right in – until now. Here follows the creation of “OnCheckin Web.config Transformer”.

When writing forms for your ASP.Net MVC websites the common approach to ensuring only real people use them site is to simply add an Html.AntiForgeryToken() to your form’s view mark-up and controller and be on your way. I've recently found out this approach while simple, can actually have pretty serious affects on both how your visitors use of your site as well as their view of it’s professionalism and stability – two things you really don’t want any trouble with.

In web and software development we all know what it’s like to finish a project and have it leave a bad taste with either your team or your stakeholders. Often left with thoughts of “if we’d just had time to slip that last feature in”, “I wish we’d understood that requirement earlier. or even worse “I wish we’d given that more testing time”. The problem is that as humans we’re incredibly good at this kind of thinking, but by using Agile processes to change this thinking both your development team and stakeholders alike will be a much happier bunch.

The past year has been a crazier year than most for me. I moved jobs to working in publishing where I've created a new thriving user group within the very company (post to come soon), launched the most awesome way for ASP.Net web developers to deploy their sites and generally loved being a developer for another 365 days. Our jobs are made so much easier by the online contributions of others, and moving into another year we get a chance to give something back.

Over the past two weeks I've begun moving a lot of my hosting infrastructure onto Microsoft Azure. This has consisted of all sorts of configuration – virtual networks, VPN's, backups, servers, databases and sites. One of my sites uses Code First Migrations at it's core, and during the migration simply nothing would work. After much pain and frustration I made the worst mental leap a developer can make: I came to the simple conclusion that is was everyone else's fault. Like most of these kinds of problems, I was to blame all along.

When configuring an Azure Virtual Network one of the most common things you'll want to do is setup a Point-to-Site VPN so that you can actually get to your servers to manage and maintain them. Azure Point-to-Site VPNs use client certificates to secure connections which can be quite complicated to configure so Microsoft has gone the extra mile to make it easy for you to configure and get setup – sadly at the cost of losing the ability to connect through the command line or through PowerShell – Let's change that.

Often you'll find yourself logged into a web or application server and need to simply test that you can get to the SQL server you've unsuccessfully been trying to point your app at. Luckily there is a nifty trick built into Windows that allows you to save the day without having to install anything on your box – and it works on both client and server operating systems just as well.

Web application security's had a lot of coverage in recent times with a lot of attention paid to approaches to dealing with user generated content or exposing form or query string data to users. Thanks to a number of big hacks over the years you commonly hear about the risks of not properly encoding user data and the risk it poses to your visitors. One thing you don't hear often is how user entered CSS can have just as much risk attached to it – thanks to accidental support for HTML Components (HTC's).

Offshoring – the business consultant's best friend. It's often used as "the grass is greener" answer to many large software development team's senior management. After seeing this sold in some way at nearly every role I've had for the last 10 years, the one question I don't often see asked alongside is what problem this solves and if there's other answers. Like many legitimate leadership questions this is overlooked not because managers are unintelligent, but because it's often a hard question to answer. Digging deeper delivers answers that can save a lot of time, stress and money.

Over the last few years we've seen a lot of blog posts floating around showing how to setup and deploy a website to Windows Azure. In my opinion they all cover the the "Azure 101" point of view and don't speak too much about migrating a website that already exists to Azure and some of the pains and gains experienced along the way. This post covers the migration of this very website to Azure websites and migration of my blogs database to SQL Azure.