Turning the establishSecurityContext off (it’s on by default) was recommended in the IAC course on Pluralsight by Dominick Baier in the Security Best Practices module, State Management when making lots of short calls. “Other protocols like the WS 2007 Federation HttpBinding, they support state and unfortunately it’s turned on by default…. [uses] WS-Secure ......

---

In this post, I wanted to share some thoughts and resources that I’ve collected since learning about Behavior Driven Development (BDD) (as of June 2013). Thinking in BDD terms has really helped me in improving my software development and thinking through problems. I remember a day when it clicked. It was an exciting time for me and I don’t planning ......

---

I just read this article in the June MSDN magazine by Peter Vogel and thought it needed to be highlighted. If you're using WebAPI you should think about Cross-Site Request Forgeries. It also applies to the 70-487 test. "ASP.NET doesn’t automatically protect you against Cross-Site Request Forgery (CSRF/XSRF) attacks (more on that later)." "When a user ......

---

I needed to unit test a WebAPI call in my MVC 4 application that checks the user's role. I'm doing this in my MVC controllers with the following code using FakeItEasy (I should do a post on that sometime): this.UserPrincipalFake = A.Fake<IPrincipal>(); A.CallTo(() => this.UserPrincipalFake.Iden... A.CallTo(() ......

---