Enabling HSTS policy on IIS in Windows server

Follow the steps

Following step will help you in enabling HSTS policy in IIS on Windows Server

1. Open IIS (Press Windows logo key + R, then enter "inetmgr" in box and press Enter Key")
2. Select the website you want to enable HSTS
3. In "Features View" pane, locate & double click "HTTP Response Headers".
   
   
   
   
   
4. In "HTTP Response Headers", click on "Add" link in "Actions" pane.
5. In Dialog box, enter
   Name: Strict-Transport-Security
   Value: max-age=31536000; includeSubDomains
   
   
   
   
   
6. Click on OK.
7. Done.

Enable HSTS on for all websites on your server

1. Visit each hosted site and check whether HSTS is enabled on any site
2. If you find any site having "Strict-Transport-Security" under "HTTP Response Headers" then right click on it and remove 
   
   
   
   
   
3. Perform step 2 for all sites having "Strict-Transport-Security" enabled
4. Now, locate root node in your IIS "Connections" pane (left hand side).
5. Locate "HTTP Response Headers" and enable it as mentioned in steps above

Important Step 1, 2, 3 are must to perform. If you miss then site which have HSTS enabled already will show errors.

Disabling Diffie-Hellman Key Exchange in IIS on Windows Server

Follow the steps

Following step will help you in disabling Diffie-Hellman Key Exchange in IIS on Windows Server

Removing insecure Ciphers on Windows server using Group Policy Editor

 Follow the steps

Disabling TLS 1.0, TLS 1.1 and enabling TLS 1.2 on Windows server

Before you start

Creating your free Microsoft Azure Account

Repository - give me data

Repositories have very simple and single aim - i.e. to do CRUD (Create, Read, Update, Delete) operations on data. Following points need to consider when you create a Repository class.

Single Responsibility Principle (SRP)

Symptoms / problems

If you are facing any of the following problems randomly or repeatedly then your class is not following SRP

How do I write API to delete a resource ?

Generally, we delete single resource at once so your route ends with an identifier of resource. Method you use to delete a resource is DELETE

How do I write API to update resource partially ?

PATCH method is an answer to this question. It allows you update resource partially. How? Its quite debatable topic that how you really update a resource partially. Some may say that you send only properties which need update but the problem is that you can not identify difference between setting a null value to property and ignoring a property (If you do not send some properties from request then on server they are null by default). So, guidelines state that -

How do I write API to update a resource ?

Updating a complete resource in terms of API is nothing but replacing (PUTing) contents of a resource. Optionally, it can be used for creating a resource if it does not exist. Generally, end point is a singular.

How do I write API to read/get a resource collection ?

To read resource collection from server you must use HTTP GET method. If GET Api returns a collection then it must be plural.

How do I write API to read/get/find a resource ?

To read resource from server you must use http method i.e. GET. In general, GET APIs end with plural end points followed by identifier.

General API coding guidelines

Its always advisable to follow suggested guidelines while writing APIs (can be violated for really good reason).

How do I write API to create a resource ?

Creating a resource in terms of API is nothing but adding a new resource to some collection (should I say PUSHing a resource?). This means your end point should be plural as it has to indicate a collection.

API Route Naming Guidelines

1. Uniform Resource Locator (URL) indicates that it talks about a resource and its location so ideally every URL should tell about a resource or its collection, API is no exception.

Handler "ExtensionlessUrlHandler-Integrated-4.0" has a bad module "ManagedPipelineHandler" in its module list

While hosting asp.net Web APIs on IIS (Internet Information Services) you may face an exception saying Handler "ExtensionlessUrlHandler-Integrated-4.0" has a bad module "ManagedPipelineHandler" in its module list. Major cause of this exception is that you have not enabled asp.net 4.6 or 4.7 in IIS.

ASP.net: How to apply style on input control when validator is active?

Question:
How to apply style on input control when validator is active?

ASP.net: Everything is fine, but Autopostback is not working in cascading dropdownlist. Why?

Question:
ASP.net: Everything is fine, but Autopostback is not working in cascading dropdownlist. Why?

ASP.net: Bootstrap alerts from server side code

Question:
Can I implement Bootstrap alerts from asp.net server side code? How?

Everything is fine but oledbCommand does not work with MS Access database

While working MS Access and vb.net together, i found a small limitation of OLEDB provider.