Articles : Page 1 of 4
-
6 Ways To Avoid Mass Assignment in ASP.NET MVC
Mar 1212One of the scenarios that I always demonstrate during an ASP.NET MVC class is how to create a mass assignment vulnerability and then execute an over-posting attack. It is a mass assignment vulnerability that led to a severe problem on github last week. Let's say you have the following model. public class User { public string FirstName { get; set; } public bool IsAdmin { get; set; } } When you want to let a regular user change their first name, you give them the following form. @usin...
-
The evolution of asynchronous controllers in ASP.NET MVC
Jan 1209Asynchronous operations in ASP.NET MVC have always been left a bit behind. They appeared in ASP.NET MVC 2, remained untouched in v3, but now in MVC 4 (especially in combination with C# 5 and async/await) they reached the same easiness of use of the standard synchronous controller. Now (or better, in a few months with the release of ASP.NET MVC 4, .NET 4.5 and C# 5) you can write public async Task<ViewResult> Stuff() { return View(await DoStuff("Some stuff")); } In this post I’m going to...
-
FluentValidation v3: ASP.NET MVC validation interceptors
Apr 1128This is part 3 in a series about new features in FluentValidation v3. Part 1 – RuleSets Part 2 – CustomizeValidatorAttribute Part 3 – ASP.NET MVC Validation interceptors Since ASP.NET MVC 2 was released last year, FluentValidation has had the ability to plug into the MVC validation pipeline using a custom ModelValidatorProvider. However, one of [...]...
-
MVC 3 AdditionalMetadata Attribute with ViewBag to Render Dynamic UI
Jan 1131A few months ago I blogged about using Model metadata to render a dynamic UI in MVC 2. The scenario in the post was that we might have a view model where the questions are conditionally displayed and therefore a dynamic UI is needed. To recap the previous post, the solution was to use a custom attribute called [QuestionId] in conjunction with an “ApplicableQuestions” collection to identify whether each question should be displayed. This allowed me to have a view model that looked like this: ...
-
Class-Level Model Validation with EF Code First and ASP.NET MVC 3
Dec 1010Earlier this week the data team released the CTP5 build of the new Entity Framework Code-First library. In my blog post a few days ago I talked about a few of the improvements introduced with the new CTP5 build. Automatic support for enforcing DataAnnotation validation attributes on models was one of the improvements I discussed. It provides a pretty easy way to enable property-level validation logic within your model layer. You can apply validation attributes like [Required], [Range], a...
-
An easy approach to adding user notifications to ASP web applications
Dec 1007We all have to do it inform the user of some status such as whether their edit saved properly and/or if a form submission was successful. The work here is based on something I picked up on the this blog: http://blog.idleworx.com/2010/11/friendly-css-error-messages-for-java.html. I changed things slightly to take advantage of the .NET environment. Have you ever wanted user notifications that faded out over a certain time interval? Perhaps you want the user to be able to click a message to m...
-
Using RavenDB with ASP.NET MVC
Nov 1008Traditionally when you think about a database you think of tables, views, indexes and stored procedures. If you have made a career out of developing database centric applications like I have, then chances are that you have spent a great deal of time dealing with issues around referential integrity, normalization and performance. Unless you have been living underneath a rock, then you have probably heard of the newest database trend named NoSQL. NoSQL refers to non relational document databas...
-
Using Powershell to make your NuPack Packages – more Awesome
Oct 1028Yeah.. Its a cheesy title but what can I say. You can file this under “why nupack is not just for open source”. We are using Nupack to distributed dependencies libraries and for the UI Framework where I work (Dell). My team is responsible for the UI Framework which builds on top of MVC2 and while we try to be unobtrusive, there are a few spots where the easiest form of integration caused us some pain as far as walking teams through setting up our framework. That aside, I think this technique i...
-
MvcSiteMapProvider 2.2.0 released
Oct 1027Im proud to announce that MvcSiteMapProvider 2.2.0 has just been uploaded to CodePlex. It should also be available through NuPack in the coming hours. This release has taken a while, but thats because Ive been making some important changes... MvcSiteMapProvider is, as the name implies, an ASP.NET MVC SiteMapProvider implementation for the ASP.NET MVC framework. Targeted at ASP.NET MVC 2, it provides sitemap XML functionality and interoperability with the classic ASP.NET sitemap controls, li...
-
Introducing NuPack Package Management for .NET - Another piece of the Web Stack
Oct 1006Microsoft's been filling out the Web Stack with more and more right-sized LEGO pieces lately, and today ScottGu announced the developer preview of NuPack. It's a piece of the stack that's been notably missing for years and after using it for a while now, I'm not sure how I lived without it. NuPack is a package management system for .NET. The goal of NuPack is to make the process of incorporating third party libraries into your solutions as simple as possible. NuPack - The Idea Here's how ...
