Manage your security headers in EPiServer

Security is getting more and more important these days (as if it wasn't before), so you probably add some response headers for a bit of extra protection. The problem, I find, is that if you set them too strict or too loose and you manage them in your web.config, changing them means a new deploy.

There is a nice library called NWebsec that lets you set the headers in code, but you will still need a deploy to change your settings.

I have uploaded a package to the EPiServer NuGet feed that lets you manage the headers in admin mode. It uses NWebsec to enforce the settings you configure there. The source is on GitHub as usual.

Just remember to exclude the NWebsec assemblies from EPiServer's assembly scanning, or an error will be thrown:

<episerver.framework>
    ...
    <scanAssembly forceBinFolderScan="true">
      <add assembly="*"/>
      <remove assembly="NWebsec" />
      <remove assembly="NWebsec.Core" />
      <remove assembly="NWebsec.Mvc" />
    </scanAssembly>
    ...
</episerver.framework>

One last thing: as the settings are loaded on startup, changing them in admin mode will restart your website. Just so you know.
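Since the headers can now change without a deploy, it is worth checking after each change that the site still sends what you intended. The following is an added example, not code from the package or from NWebsec: it audits a set of response headers (a constructed sample dict stands in for what you would copy from curl or the browser's network tab) and flags each common security header as ok, weak or missing; the thresholds used (one year for HSTS, a default-src in the CSP) are my assumptions.

```python
"""Audit HTTP response headers for the common security headers.

Constructed example: SAMPLE_HEADERS stands in for the headers a site
returns; nothing here contacts a server.
"""
import re


def _hsts_ok(value):
    # Assumed policy: HSTS must carry a max-age of at least one year.
    m = re.search(r"max-age=(\d+)", value, re.I)
    return m is not None and int(m.group(1)) >= 31536000


def _csp_ok(value):
    # Assumed policy: a CSP without default-src leaves unlisted sources open.
    directives = {d.strip().split(" ")[0].lower()
                  for d in value.split(";") if d.strip()}
    return "default-src" in directives


# Header name -> predicate that decides whether its value is strict enough.
CHECKS = {
    "Strict-Transport-Security": _hsts_ok,
    "X-Frame-Options": lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
    "X-Content-Type-Options": lambda v: v.strip().lower() == "nosniff",
    "Content-Security-Policy": _csp_ok,
}


def audit_headers(headers):
    """Return {header: 'ok' | 'weak' | 'missing'} for every header in CHECKS.

    Header names are compared case-insensitively, as HTTP requires.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    result = {}
    for name, check in CHECKS.items():
        value = lowered.get(name.lower())
        if value is None:
            result[name] = "missing"
        else:
            result[name] = "ok" if check(value) else "weak"
    return result


def weak_or_missing(headers):
    """Sorted list of header names that are not 'ok'; empty means all good."""
    return sorted(n for n, s in audit_headers(headers).items() if s != "ok")


# Constructed sample: headers are present, but HSTS max-age is only an hour
# and the CSP has no default-src, so both should be reported as weak.
SAMPLE_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "strict-transport-security": "max-age=3600",
    "X-Frame-Options": "SAMEORIGIN",
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "script-src 'self'",
}

if __name__ == "__main__":
    for name, status in audit_headers(SAMPLE_HEADERS).items():
        print(f"{name}: {status}")
```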
