I’ve been a long time supporter of Visual Studio Web Deployment projects. Not because I built ASP.Net websites and wanted to compile them, but more because they held so much unadulterated power from the simplicity of just being an MSBUILD file inside your solution. With the launch of Visual Studio 2012 Microsoft has made the call to no longer support WDP moving forward. This made me sad; but I was just being naive. Visual Studio 2012’s Publishing profiles are even more powerful, and they bring all your old friends along for the ride.

When it comes to reviewing visitor site usage, server bandwidth usage, or forensic security investigations; IIS log files often hold the answers. Although as I'm sure you’re more than aware, gigantic text files can be hard to view let alone pull intelligence from. Investigating a website attack can be really daunting when looking at log files as an information source. In my previous post I covered a tool to help with Windows Security Logs. Lucky for us it’s just as awesome when dealing with huge IIS logs.

When bad things happen to either your website or your server you’re usually faced with a situation that either makes or breaks you. Much like having a good backup and restore plan, being able to filter and scan log files for what you need to help draw conclusions on how a situation occurred or by whom it was conducted, is an important part of your security plan. However if you have a heavily traffic’d website, network share or part of your file system and you’re doing a lot of logging, you probably have files the size of the moon to wade through, so making sense of them can be a nightmare.

In ASP.net land we are often lead to think the “Microsoft way” when it comes to a lot of things. Running performance tests and benchmarking is one of these tasks where we are often found looking into commercial tooling or products to help us find out how our applications handle load. Meanwhile a lot of web developers on other stacks are doing it with great free tooling. There is nothing stopping us from stealing the best parts from these stacks and bringing them back to the land of ASP.Net.

Microsoft Web Deployment projects are an easy way to add a MSBUILD scripting to your Visual Studio web projects. I use them all the time for personal deployment projects and at work so do all my team members. With the upcoming release of Visual Studio 2012 there is currently no Web Deployment project type. Luckily there is something we can try and do about it – Let Microsoft know.

When delivering messages to people using email, companies and website owners have fallen into a common fallacy about the internet: believing its OK to show contempt for our readers by not caring for their reply. We do this every time we send an email, however important, that comes from noreply@mywebsite.com. Like a number of life’s oddities this doesn’t make sense – let’s look at why and how we can change it.

When placing audio and video elements on a web page I’ve worked on a number of pieces of work where, for one reason or another, clients want to have their media Autoplay. To us nerds it may seem like common sense that Automatically playing media to a visitor is a bad idea for accessibility. The W3C has made this clear with it’s WCAG guidelines – we’re nerds; we care about these kinds of things. It’s worth mentioning that as with most accessibility features though, proper use of Autoplay also does a lot for usability and visitor sanity for the rest of your audience as well.

If you’re developing on the ASP.Net web stack you’ve probably used either the WebForms FileUpload control or the MVC HttpPostedFileBase model binding parameter many times before. On a badly configured website this can create a perfect storm of insecurity potentially exploited by anyone who uploads malicious files. As this very attack can be your website’s undoing let’s take a look at why it’s a problem and what you can do to fix it.

Next Saturday at 9am sharp, I will be first cab off the rank in the developer skills stream at DDD Sydney presenting my talk “A few things developers should know about the internet (but probably don’t)”. I’d love for you to come along and say hello on the day, so if you haven’t already bought tickets, please do from the link above. Sydney has many conferences throughout the year, but few are as straight talking as DDD, with a good range of subjects on not only the Microsoft stack, but general web and development as well – not only how Microsoft would recommend it, but the very people who’ve been in the trenches with you.

Running Apache and IIS on the same web server might seem like sacrilege to some folks, but like a lot of things in life there is a time and a place for everything. I’ve overseen some quite successful deployments that have had the two running side by side on the same machine, and the flexibility that Apache can bring to an application as a value add can be really exciting. For both future keepsake and to share with all of you folk, here is a quick how-to guide so that all you have to do is follow the bouncing ball.