How to delete the IIS ASP.NET response headers for security sake

There are some nice plugins out there like “BuiltWith” and “Web Server Notifier” and many others that allow you to see the platform that websites run on.

These tools will show what server you’re using like Apache, IIS, Nginix etc. and your security people in your company will ask you to turn off the sharing of this information.

Here’s what I do to remove that information and I use IIS so I add this section to my web config.

            <remove name="X-Powered-By" />
            <remove name="X-AspNet-Version" />
            <remove name="Server" />

Change my connectionstring for debug and release config

This is part of a multi page blog post where I talk about what I do after I setup my Visual Studio ASP.NET MVC (non-Core) project.

To go back to the previous posts or start at the beginning, please go to the links below:

  1. How I Setup my Visual Studio Website Project Asp.Net MVC (non-Core)

At this point I don’t like to use the LocalDb for my database but SKIP THIS STEP if you’re OK using the LocalDb provided.

In my Web.Config file, find the section which should be on top and change the entry from this:

        &lt;add name=&quot;DefaultConnection&quot; connectionString=&quot;Data Source=(LocalDb)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\aspnet-vsStarterKit.mdf;Initial Catalog=aspnet-vsStarterKit-20170302095959;Integrated Security=True&quot; providerName=&quot;System.Data.SqlClient&quot; /&gt;

to this:

        &lt;add name=&quot;DefaultConnection&quot; connectionString=&quot;Data Source=(local);Initial Catalog=YOUR_DB;Integrated Security=True&quot; providerName=&quot;System.Data.SqlClient&quot; /&gt;

At the same time, I also change my Web.Release.config connection string to point to my live database when I publish.

On publish, it will swap the connection string so one less step.

&lt;?xml version=&quot;1.0&quot;?&gt;
&lt;configuration xmlns:xdt=&quot;;&gt;
        &lt;add name=&quot;DefaultConnection&quot; connectionString=&quot;Data Source=(local),1533;Initial Catalog=YOUR_DB_NAME;Persist Security Info=True;User ID=YOUR_LOGIN_ID;Password=YOUR_PWD;MultipleActiveResultSets=True&quot; xdt:Transform=&quot;SetAttributes&quot; xdt:Locator=&quot;Match(name)&quot;/&gt;
        &lt;compilation xdt:Transform=&quot;RemoveAttributes(debug)&quot; /&gt;

Step #3 – Coming Soon

How I setup my Visual Studio website project ASP.NET MVC (non-Core)

This will be a long series of blog posts that will take you beyond the starter template provided by Visual Studio for making websites.

It’s easy to create a new website from the templates but these posts will take you beyond that as you need to add more to it in order to have a fully functional site with static pages for privacy policy, terms of service etc. along with having a robots.txt & sitemap.xml file.

These steps are what I use as my Starter Kit above and beyond what is provided in the templates.

I’m using the non-Core version for these posts but plan on creating a Core version that mimics the same steps.

I’m assuming that you already have Visual Studio loaded on your computer, if not please download a copy of Visual Studio here

Step #1: Create a new ASP.NET Web Application (.NET Framework) w/Individual User Accounts

  • Click File > New > Project in your Visual Studio app and you will see the screen below, make sure you select what I have highlighted in yellow and click the OK button.


  • You will then move to the next screen, choose the Change Authentication button and make sure Individual User Accounts is selected then click the OK button and OK button again to create the project.


  • (optional) I like to see all of my files in the project and it’s just a quirk of mine but I like it so if you want to follow me, highlight the project and click Show All Files icons and you will see all of the hidden files and folders in your project.


  • I like to update the NuGet packages at this point because these templates are always behind, once you do that, make sure to do a Clean Solution and Rebuild Solution after the Nuget packages are updated to make sure everything compiles properly.


Step #2: Change my connection strings

C# Web Scraping Library

I just started to delve into website scraping as I periodically like to hit a website for current prices and fluctuations on a timely basis.

I believe I was listening to a podcast of .NET Rocks – Scrappy where they mentioned this library and if you know what episode please tell me so I can update the post for others who want to listen.

It really looks simple to use and pretty great so I’m currently playing with it now and I’ll write more about this as I use it and what project I decide to use it on.

Data Annotations Examples for C#

Using data annotations in c# is a simple way to handle validations in your model. The example below show you how to:

  1. Make a filed “required”
  2. Change the “display name” for what the clients see
  3. Denotes the field as an “email” type
[Display(Name = &quot;Email Address&quot;)]
public string Email { get; set; }

Here’s an example of “string length” with an “error message”:

[StringLength(100, ErrorMessage = &quot;The {0} must be at least {2} characters long.&quot;, MinimumLength = 6)]
public string Title { get; set; }

If you’re working with a password field and want to also confirm the password, here’s an example of that:

[StringLength(100, ErrorMessage = &quot;The {0} must be at least {2} characters long.&quot;, MinimumLength = 6)]
[Display(Name = &quot;Password&quot;)]
public string Password { get; set; }
[Display(Name = &quot;Confirm password&quot;)]
[Compare(&quot;Password&quot;, ErrorMessage = &quot;The password and confirmation password do not match.&quot;)]
public string ConfirmPassword { get; set; }

If you’re dealing with a range where you want the user to pick from 0 to 10 per se, you want to use the “Range” data annotation. Below is an example of using credits with 0 to 5:

[Range(0, 5)]
public int Credits { get; set; }

If you want to create a textarea which has several lines for users to type in, this is the annotation you can use:

public string Body { get; set; }

not quite finished yet…