Articles : Page 1 of 1
-
6 Ways To Avoid Mass Assignment in ASP.NET MVC
Mar 1212One of the scenarios that I always demonstrate during an ASP.NET MVC class is how to create a mass assignment vulnerability and then execute an over-posting attack. It is a mass assignment vulnerability that led to a severe problem on github last week. Let's say you have the following model. public class User { public string FirstName { get; set; } public bool IsAdmin { get; set; } } When you want to let a regular user change their first name, you give them the following form. @usin...
-
The evolution of asynchronous controllers in ASP.NET MVC
Jan 1209Asynchronous operations in ASP.NET MVC have always been left a bit behind. They appeared in ASP.NET MVC 2, remained untouched in v3, but now in MVC 4 (especially in combination with C# 5 and async/await) they reached the same easiness of use of the standard synchronous controller. Now (or better, in a few months with the release of ASP.NET MVC 4, .NET 4.5 and C# 5) you can write public async Task<ViewResult> Stuff() { return View(await DoStuff("Some stuff")); } In this post I’m going to...
- 1
