Articles : Page 1 of 1
-
6 Ways To Avoid Mass Assignment in ASP.NET MVC
Mar 1212One of the scenarios that I always demonstrate during an ASP.NET MVC class is how to create a mass assignment vulnerability and then execute an over-posting attack. It is a mass assignment vulnerability that led to a severe problem on github last week. Let's say you have the following model. public class User { public string FirstName { get; set; } public bool IsAdmin { get; set; } } When you want to let a regular user change their first name, you give them the following form. @usin...
-
The evolution of asynchronous controllers in ASP.NET MVC
Jan 1209Asynchronous operations in ASP.NET MVC have always been left a bit behind. They appeared in ASP.NET MVC 2, remained untouched in v3, but now in MVC 4 (especially in combination with C# 5 and async/await) they reached the same easiness of use of the standard synchronous controller. Now (or better, in a few months with the release of ASP.NET MVC 4, .NET 4.5 and C# 5) you can write public async Task<ViewResult> Stuff() { return View(await DoStuff("Some stuff")); } In this post I’m going to...
-
RFC: Web Platform Installer (WebPI) with an offline feed mode for bandwidth savings
Sep 1124My wife is in the Kingdom of Swaziland this evening. If she was a developer over there and wanted to use Web Platform Installer to get Visual Studio or some large download she would have to patiently bring the bits down over 3G. If she was very well off, she might have ASDL with a maximum speed of 512kbps down, most likely with a cap. I've talked about limited connectivity in African countries and other nations (*cough* New Zealand *cough*) before on this blog and it's no fun. I've told the w...
-
Two bugs in ASP.NET MVC 3 and a workaround for both
Jun 1114So I spent an hour today arsing about with a couple of ASP.NET MVC 3 bugs. One was a Routing issue that caused it to act differently to MVC 2. The second I found was a FormsAuthentication issue that insisting on sending me to /Account/Login. Amazing how this crept in really given that it was community tested to death with such a massive ASP.NET MVC following so it is a wonder they weren't weeded out and fixed before RTM. Oh well, don't pretend you don't like a challenge. Routing doesn't work t...
-
Adding MVC dependencies to a project for deployment
Jun 1113Deployment of new web applications has been a bit annoying since the birth of ASP.NET MVC. Production servers with .NET 4 or 3.5 installed will still be missing key assemblies such as System.Web.Mvc.dll. This will cause errors such as "Could not load file or assembly 'System.Web.WebPages.Razor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies" and "Could not load file or assembly 'System.Web.Mvc, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf38...
- 1
