Articles : Page 1 of 1

  • 6 Ways To Avoid Mass Assignment in ASP.NET MVC

    6 Ways To Avoid Mass Assignment in ASP.NET MVC

    Mar 12
    12

    One of the scenarios that I always demonstrate during an ASP.NET MVC class is how to create a mass assignment vulnerability and then execute an over-posting attack. It is a mass assignment vulnerability that led to a severe problem on github last week. Let's say you have the following model. public class User { public string FirstName { get; set; } public bool IsAdmin { get; set; } } When you want to let a regular user change their first name, you give them the following form. @usin...

  • The evolution of asynchronous controllers in ASP.NET MVC

    The evolution of asynchronous controllers in ASP.NET MVC

    Jan 12
    09

    Asynchronous operations in ASP.NET MVC have always been left a bit behind. They appeared in ASP.NET MVC 2, remained untouched in v3, but now in MVC 4 (especially  in combination with C# 5 and async/await) they reached the same easiness of use of the standard synchronous controller. Now (or better, in a few months with the release of ASP.NET MVC 4, .NET 4.5 and C# 5) you can write public async Task<ViewResult> Stuff() { return View(await DoStuff("Some stuff")); } In this post I’m going to...

  • Two bugs in ASP.NET MVC 3 and a workaround for both

    Two bugs in ASP.NET MVC 3 and a workaround for both

    Jun 11
    14

    So I spent an hour today arsing about with a couple of ASP.NET MVC 3 bugs. One was a Routing issue that caused it to act differently to MVC 2. The second I found was a FormsAuthentication issue that insisting on sending me to /Account/Login. Amazing how this crept in really given that it was community tested to death with such a massive ASP.NET MVC following so it is a wonder they weren't weeded out and fixed before RTM. Oh well, don't pretend you don't like a challenge. Routing doesn't work t...

  • Adding MVC dependencies to a project for deployment

    Adding MVC dependencies to a project for deployment

    Jun 11
    13

    Deployment of new web applications has been a bit annoying since the birth of ASP.NET MVC. Production servers with .NET 4 or 3.5 installed will still be missing key assemblies such as System.Web.Mvc.dll. This will cause errors such as "Could not load file or assembly 'System.Web.WebPages.Razor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies" and "Could not load file or assembly 'System.Web.Mvc, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf38...

  • 1