A 5-post collection

Implementing a content security policy with NWebsec, Azure Table Storage and Raygun

I love it when a whole bunch of different bits play really nice together, especially when it’s making things more secure. Today I decided to properly implement a content security policy (CSP) on Have I been pwned? (HIBP) and managed to tie in a whole bunch of nice bits to create what I reckon is a pretty neat implementation. Firstly, if CSP is new to you, go and read Scott Helme’s overview [] which is excellent. The tl;dr version...

Fail fast when the cloud fails you

It’s never real nice waking up to something like this: This was Have I been pwned? [] (HIBP) first thing my Saturday morning. The outage was accompanied by a great many automated email notifications and manual reminders from concerned citizens that my site was indeed, down. Having my Azure showcase site down at the very same moment as my Pluralsight course on Azure was launched – Modernizing Your Websites with Azure Platform as a Service [

Applied Azure: Infographic of how “Have I been pwned?” orchestrates Microsoft’s cloud services

These real world experiences with Azure are now available in the Pluralsight course "Modernizing Your Websites with Azure Platform as a Service" [] Remember the good old days when a website used to be nothing more than a bunch of files on a web server and a database back end? Life was simple, easy to manage and gloriously inefficient. Wait – what? That’s right, all we had was a hammer and we consequently treated every challen...

Raygun and ignoring specific Web API exception types

In the spirit of “here’s something I couldn’t find an easy answer for so I’m writing it myself”, let me very briefly run you through how to have Raygun ignore specific exception types raised by Web API. Firstly, Web API support came a couple of months ago [] which is rather important given how much stuff is transitioning to APIs these days. I use Web API fairly extensively in Have I been pwned? [] (HIBP), partl...

Error logging and tracking done right with Raygun

For some years now, one of the first things I’ve dropped into any new project has been ELMAH []. Grab it from NuGet, provision yourself a SQL database table and watch magic happen as every unhandled error gets dumped into the DB and is reviewable via a handler which exposes the original stack trace amongst other info such as server variables and POST data. In theory, you also secure this. In practice, many people don’t [