Articles : Page 1 of 2
- Filter:
- Security
- Controller
-
ASP.NET MVC + Selenium + IISExpress
Dec 1122The goal of this blog entry is to explain how you can create integration tests for ASP.NET MVC applications by using a combination of Selenium WebDriver and IISExpress. Integration tests are useful when you want to test an entire user story. For example, you might want to test whether a user can successfully add an item to a shopping cart. Adding an item to a shopping cart might require the execution of C# code, database code, and JavaScript code. Using an integration test, you can verify t...
-
Preventing CSRF With Ajax
Oct 1111A long while ago I wrote about the potential dangers of Cross-site Request Forgery attacks, also known as CSRF or XSRF. These exploits are a form of confused deputy attack. Screen grab from The Police Academy movie.In that post, I covered how ASP.NET MVC includes a set of anti-forgery helpers to help mitigate such exploits. The helpers include an HTML helper meant to be called in the form that renders a hidden input, and an attribute applied to the controller action to protect. These helpers...
-
7 books for a .NET Summer reading list (2011 version)
Sep 1112In the previous years “n books for a .NET Summer reading list” used to be the title of the book list post. Now, in the last of my 4 posts with books suggestions I am back to the original title. In my introductory post I said I would have listed only a few web development on .NET books. In fact there are only 2. Web Development on .NET Professional ASP.NET MVC 3 While Professional ASP.NET MVC v2 was mainly an update of the original professional MVC1 book, the third remake, due to the nature o...
-
NuGet Package of the Week #9 - ASP.NET MiniProfiler from StackExchange rocks your world
Jul 1122I LOVE great debugging tools. Anything that makes it easier for me to make a site correct and fast is glorious. I've talked about Glimpse, an excellent firebug-like debugger for ASP.NET MVC, and I've talked about ELMAH, and amazing logger and error handler. Now the triad is complete with MiniProfiler, my Package of the Week #9. Yes, #9. I'm counting System.Web.Providers as #8, so phooey. ;) Hey, have you implemented the NuGet Action Plan? Get on it, it'll take only 5 minutes: NuGet Action...
-
Great Free Video Training on ASP.NET Web Forms and ASP.NET MVC
May 1116We’ve recently published some great end-to-end ASP.NET video training courses on the http://asp.net web-site. Created by Pluralsight (a great .NET training company), these video courses are available free of charge and provide a great way to learn (or brush-up your knowledge of) ASP.NET Web Forms 4 and ASP.NET MVC 3. Each course is taught by a single trainer, and provides a nice end-to-end curriculum (from basic concepts to working with the new Entity Framework “code first” model to securit...
-
Conditional Filters in ASP.NET MVC 3
Apr 1125Say you want to apply an action filter to very action except one. How would you go about it? For example, suppose you want to apply an authorization filter to every action except the action that lets the user login. Seems like a pretty good idea, right? Currently, it takes a bit of work to do this. If you add a filter to the GlobalFilters.Filters collection, it applies to every action, which in the previous scenario would mean you already need to be authorized to login. Now that is security ...
-
Being Constructive
Mar 1119I want to like Entity Framework. I did a whole screencast series on the thing and to be honest, I grew to like it. It’s very capable and if you play along with it’s rules can save you a lot of work. This post isn’t about EF. It’s about an MSDN post that was put up that I just linked to - and I thought about it afterward and … well I could probably be a bit more constructive. It’s late, I’ve had a beer or 2, and I was a bit quick to hit publish. The thing that pushed me over a bit was this ...
-
Being Constructive
Mar 1119I want to like Entity Framework. I did a whole screencast series on the thing and to be honest, I grew to like it. It’s very capable and if you play along with it’s rules can save you a lot of work. This post isn’t about EF. It’s about an MSDN post that was put up that I just linked to - and I thought about it afterward and … well I could probably be a bit more constructive. It’s late, I’ve had a beer or 2, and I was a bit quick to hit publish. The thing that pushed me over a bit was this ...
-
Link Rollup: New Documentation and Tutorials from Web Platform and Tools
Jan 1114Lots of cool stuff was released yesterday that I mentioned in the post ASP.NET MVC3, WebMatrix, NuGet, IIS Express and Orchard released - The Microsoft January Web Release in Context. The Web Platform Tools Content Team has been working hard on new content and tutorials to get you up to date on all this fun new stuff. Here's a link rollup from Wade's documentation team. Congratulations to Mike Pope, Tim Teebken, Rick Anderson, Tim Ammann, Keith Newman, Erik Reitan and Tom Dykstra on a gre...
-
Announcing Entity Framework Code-First (CTP5 release)
Dec 1008This week the data team released the CTP5 build of the new Entity Framework Code-First library. EF Code-First enables a pretty sweet code-centric development workflow for working with data. It enables you to: Develop without ever having to open a designer or define an XML mapping file Define model objects by simply writing “plain old classes” with no base classes required Use a “convention over configuration” approach that enables database persistence without explicitly configuring anyt...
- 1
- 2
