Posts

Custom Login Validation

One of the many behaviors that I was asked recently to create was to allowing hide/show of the password and warn users that the locked character key is active. Since this solution could get complex and I just wanted to create a quick/simple demo and because of that I'm going to pick jquery. I could late come back and do it in another library but I already have a few ideas what I want to do. Notes: input - Is it standard practice to indicate on the form that Caps Lock is on? - User Experience Stack Exchange html5 - What's the difference between HTML 'hidden' and 'aria-hidden' attributes? - Stack Overflow Examples:  Edit fiddle - JSFiddle Better Passwords #3: Caps-lock Warnings — SitePoint Code Bins : Password masking in jQuery
Read more

AspnetCore Oauth Active Directory

I'll be honest active directory has always been a difficult area for me to develop in. Which is why I prefer a basic user authorization that's just attached to the database. What I'm trying to do is leverage Oauth and inside pass in credentials to the active directory. Thous prevent users with the built in prompt and instead handle the authorization just like you would if it was inside an aspnet core Identity table. However this is no table! This means they can pass me any username and password. Not just what they are logged as under the domain (and under their browser). Very simple just difficult to explain with all the major buzz words floating around like Single Sign On, external service providers and etc. Which where I start to have trouble explain because I like to keep things simple. What my application will do is have an authorization page and redirect users to it if that are not logged in. Once I figure out they are who they say they are with the AD then continue a...
Read more

Nginx with Naked Domains

This right I'm going naked on everything! Non-www and everything lowercase. Just to simplify my urls. If you couldn't write it out naturally or if it takes too long then I avoid making it a path. Special cases like unique guid url parameters being the exception. For the sites that have a ton parameters this its understandable but for the domains this rule really should be applied. In some cases might say the path is up to the application however if the framework doesn't handle this is a fall back. https://superuser.com/questions/432674/nginx-remove-www-from-https https://www.digitalocean.com/community/tutorials/how-to-redirect-www-to-non-www-with-nginx-on-ubuntu-14-04 http://nginx.org/en/docs/http/server_names.html
Read more

Orchard 1.10.1 - Seo & Social Module

Most of the work I do for orchard is open source, this is because nothing other than content is property of my employer. Even if open source makes some employers uncomfortable a lot of my work is about success of a given project or the development process flow. In other words is everyone able to achieve what with the development or features created within a given project. That's just my take on things, I'm sure someone will disagree, putting security in a much higher priority. Which I think is a big part of my reason for being open source on the things I could improve unpon. Notes: https://stackoverflow.com/questions/11149157/orchard-getting-the-contents-title-from-the-theme-layout https://stackoverflow.com/questions/11688626/orchard-theme-placement-not-overriding-module-placement https://stackoverflow.com/questions/13000711/add-individual-page-titles-to-html-document-head-in-orchard-cms https://stackoverflow.com/questions/17737509/orchard-cms-custom-theme-every-page-d...
Read more

Content Security Policy & Best Practices

Image
This article is mostly on configuration with nginx and maybe a little on IIS. Notes: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors https://csp-evaluator.withgoogle.com https://securityheaders.io/
Read more

Nginx Best Practices Extended

Based on a gisthub configuration, which I thought was worth going through piece by piece. https://gist.github.com/plentz/6737338 https://github.com/BIAndrews/nginx-compliance-config HTTP2  https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-with-http-2-support-on-ubuntu-16-04 https://developers.google.com/web/tools/lighthouse/audits/http2 https://docs.microsoft.com/en-us/iis/get-started/whats-new-in-iis-10/http2-on-iis Avoid If https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/ SSL Configuration https://mozilla.github.io/server-side-tls/ssl-config-generator/ https://stackoverflow.com/questions/24594971/how-to-changehide-the-nginx-server-signature  Strict Transport Security (HSTS) https://hstspreload.org/ https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/ https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compati...
Read more

Bootstrap Cheatsheet

There are many things I wouldn't call myself a master of but bootstrap is one of them. I never seem to have difficultly with css but do forget a few things cause they aren't really all that important ! Haha css joke... https://stackoverflow.com/questions/11425115/css-media-queries-for-pixel-density-moz-min-device-pixel-ratio-vs-min-moz-de https://stackoverflow.com/questions/23700941/bootstrap-full-responsive-navbar-with-logo-or-brand-name-text https://stackoverflow.com/questions/8805208/css-min-width-and-max-width-and-flexible-layout Positions Learn CSS Positioning in Ten Steps: position static relative absolute float CSS z-index property CSS Positioning Free responsive html5 CSS website templates, create your own free website How to Center Anything with CSS 50+ Nice Clean CSS Tab-Based Navigation Scripts Table centering using CSS or HTML: theodorakis.net HTML5 Simplequiz 6: Zeldman’s fat footer | HTML5 Doctor CSSTidy https://css-tricks.com/multi...
Read more

Popular posts from this blog

Aspetcore: NLog with Postgresql

This Article is base ASP.Net Core 2 and the latest version of Nlog. 1. Install NLog and the Postgresql Package Using NuGet to install the package into your ASP.NET Core project: PM > Install-Package NLog.Web.AspNetCore PM > Install-Package Npgsql 3. Register NLog Add in your Startup.cs  public void Configure ( IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory ) { ... env.ConfigureNLog( "nlog.config" ); ... // make sure Chinese chars don't fk up Encoding.RegisterProvider(CodePagesEncodingProvider.Instance); //add NLog to ASP.NET Core loggerFactory.AddNLog(); //add NLog.Web app.AddNLogWeb(); } 4. Add to Your Controller Add a logger object to your Controller. private readonly ILogger<YourController> _logger; Modify the constructor to use it public YourController ( ILogger<YourController> logger = null ) { if ( null != logger) { _logger = logger; ...
Read more

Mongodb Cheatsheet

This cheat sheet is based on the latest version of mongodb, which initial had setup and didn't encounter any problems. However that all changed when I was working remote and forgot I disabled the port no my network, rather than with the server. So I went pointing around where I didn't need to and ended up messing things up. The Best tutorial out there is of course on digital ocean for my setup on ubuntu 16.04 , this articles isn't so much about getting setup. I just wanted to include it because I found myself looking back at it to see if I missed a step. Bugs/Problems Now comes all the messed up things I found and had to deal with. firewall - Port seems to be open, but connection refused try using 0.0.0.0 in the bin_ip for the /etc/mongo.conf try sudo ufw disable and check to see if it works without the firewall (probably still wont but worth a shot), then just sudo ufw enable. Make sure port 27017 is open. Then check this  linux - Connection refused to MongoDB e...
Read more

Installing Windows on Acer chromebook 15 cb3-532

Much of my notes are just small problems I faced (what's new!) haha. Either way this was a really fun project to do for a friend and I got excited once I research all the information. You can find instruction videos but what helped me the most was the coolstar website. Sadly they don't have parameters in the url so I can link the machine I used in this article. -  https://coolstar.org/chromebook/windows-install.html Scared of messing with the bios? Don't be!    So you need to first remove the screw to put a legacy bios on the machine. Its easy to backup the chrome os one and with the same steps to change it. You can go back in and revert to the chrome version bios. Its that last part that had me worried and its very easy to do.  Problems getting into Developer Mode?   Follow the instructions to the letter, during the step to disable the OS verification, press Ctrl-D to boot into os. If you hear two beeps I would go back to set one. I got in a loo...
Read more