Articles : Page 1 of 1

  • Dynamic JSON Parsing in .NET with JsonValue

    Dynamic JSON Parsing in .NET with JsonValue

    Mar 12
    19

    So System.Json has been around for a while in Silverlight, but it's relatively new for the desktop .NET framework and now moving into the lime-light with the pending release of ASP.NET Web API which is bringing a ton of attention to server side JSON usage. The JsonValue, JsonObject and JsonArray objects are going to be pretty useful for Web API applications as they allow you dynamically create and parse JSON values without explicit .NET types to serialize from or into. But even more so I think...

  • Preventing CSRF With Ajax

    Preventing CSRF With Ajax

    Oct 11
    11

    A long while ago I wrote about the potential dangers of Cross-site Request Forgery attacks, also known as CSRF or XSRF. These exploits are a form of confused deputy attack. Screen grab from The Police Academy movie.In that post, I covered how ASP.NET MVC includes a set of anti-forgery helpers to help mitigate such exploits. The helpers include an HTML helper meant to be called in the form that renders a hidden input, and an attribute applied to the controller action to protect. These helpers...

  • What’s the Difference Between a Value Provider and Model Binder?

    What’s the Difference Between a Value Provider and Model Binder?

    Jun 11
    30

    ASP.NET MVC 3 introduced the ability to bind an incoming JSON request to an action method parameter, which is something I wrote about before. For example, suppose you have the following class defined (keeping it really simple here): public class ComicBook { public string Title { get; set; } public int IssueNumber { get; set; } } And you have an action method that accepts an instance of ComicBook: [HttpPost] public ActionResult Update(ComicBook comicBook) { // Do something with ComicBo...

  • 1