Tusk Software Blog

How to force pages to *not* use SSL in ASP.NET MVC by creating a ForbidHttpsAttribute

Here's a quick one for you.

There are times when you want to require a page be transmitted over TLS (transport layer security) using SSL (secure sockets layer). Anytime you are transmitting sensitive information over the wire, requiring HTTPS is a good idea. We actually require SSL sitewide now because Google encourages it. We'll assume that you already know about the reasons for encrypting traffic and when to do so. However, there are times when you want just the opposite- you want requests to a page to *not* use TLS, just plain old HTTP.

So what are the reasons that you would want to to this?

Read on

Using reCAPTCHA With ASP.NET MVC Forms, Part 1

Google's "no CAPTCHA" reCAPTCHA update makes the process of answering CAPTCHA challenges virtually painless to humans while actually improving the security against bots. Due to the improved usability, we decided to include this in our own contact form. With a standard form using a full postback, this is a pretty straightforward process. However, using ajax validation and form submission proved to be a little bit trickier- we'll get to that in a later post. In this post, we'll cover how to use Google's reCAPTCHA with ASP.NET MVC's Html.BeginForm() Razor helper method to provide security against spammers while maintaining a nice user experience. Read on