Wednesday, February 23, 2011

Forcing canonical hostnames

Due to the restrictions of WCF services I was sent on a quest to find out how to manage allowing http://www.example.com and http://example.com. It wasn't as easy as I had hoped until I found this article.

I have seen all over the place that it is best practice to force canonical host names. This means example.com should be redirected to www.example.com. The problem with simple redirection is that it doesn't appear to redirect query strings so old links will break on you if you just use 301 redirects.

I asked around and found out you can accomplish redirection and keep query strings using the rewrite module for IIS. You can download it here.

The module simply sits in IIS's main features view. You can easily set it up to redirect all of your example.com pages to www.example.com using the following settings:

Wednesday, February 2, 2011

WCF Service References

Today, I learned how much of a pain it is to deal with back-end security and Ajax. Not liking the idea of exposing my data using JSONP I decided to create a WCF service that I could call through an MVC model/controller.

It was a major pain in the butt.

I am still not sure about the security modes as I am very new at WCF but at least I got it functioning. One thing I discovered is if you are disabling security in wsHttpBinding's you need to include this: <servicesecurityaudit messageauthenticationauditlevel="None"> under your behavior and then add
    <bindings>

      <wsHttpBinding>

        <binding name="wsHttpBinding">

          <security mode="None"/>

        </binding>

      </wsHttpBinding>

    </bindings>

under
  <system.serviceModel>
I just did this for testing purposes and will definitely get it changed when I decide what authentication mode I want.