Bill Morefield My thoughts, discoveries, and occasional rambiings.

July 29, 2014

My Article on Preventing XSS in ASP.NET Published

Filed under: article,aspnet,web — Tags: , , , — Bill Morefield @ 9:16 pm

My article on Preventing XSS in ASP.NET is up at NetTuts this week. Follows earlier articles on SQL Injection and Preventing CSRF.

December 30, 2011

Moving Web Servers

Filed under: aspnet,web — Tags: , , , , — Bill Morefield @ 9:08 am

A few notes from the recent move of about ten web sites from one server to another.


Plesk is a nice tool for managing web sites, but I’ve found the migration tool to be so quirky as to be useless.  Last time I migrated servers I spent more time migrating than manually moving them would have taken.  This time, I spent about two hours fighting the migration tool before doing a simple backup/restore through Plesk.  Due to space limitations of old server I couldn’t migrate content through backup/restore, but a simple FTP took care of that.  Worked much more smoothly and I had everything done in about four hours total.

Migrating Databases

There needs to be an easier way to move a database from one site to another.  That took much of the time of the move and in the end I again found just moving the actual files to be the easiest method.

Logins also cause problems when you backup/restore or move the database file.  The login is server level, but the details reside in the database.  When you restore or attach, the two aren’t automatically connected.  You can either delete the user in the database and recreate (not always possible or desirable) or use the sp_change_users_login stored procedure to link the two.  I know that stored procedure is deprecated, but old habits die hard.  The replacement is the ALTER USER command, but the stored procedure still works in Microsoft SQL 2008.

Showing ASP Errors under Windows 2008

ASP still lives.  Two of the sites run, and work quite well, as ASP pages.  Out of the box Windows 2008 doesn’t provide much useful information for errors.  You can fix that using two steps of the web site:

  1. Set Site –> ASP –> Debugging –> Send Errors to Browser to True and click Apply
  2. Set Site –> Error Pages –> 500 –> Edit Feature Settings to Detailed Errors if you need to be able to troubleshoot from a remote connection.  The default only sends the detailed error to local connections.
  3. Change back if desired after the problems are resolved.

ASP Parent Paths under Windows 2008

A lot of ASP pages use parent paths and these are not turned on by default in Windows 2008.  This can be changed under the Virtual Application Settings –> Allow Parent Paths.

ASP.NET Migration

Always check the version of .NET the application is running under.  Most problems come back to this.  Next check any database connection string point to the correct server.  About 90% of errors after a move are one of those two items.

Update – SQL 2008 Issue

Found an issue I’d not encountered before when installing SQL 2008 Express R2.  It installed with dynamic ports by default.  Likely related to the fact I installed SQL using the web platform and not installing directly.  For info and changes to fix see

Powered by WordPress