Articles : Page 1 of 3
-
Wishful Thinking: Why can't HTML fix Script Attacks at the Source?
Apr 1215The Web can be an evil place, especially if you're a Web Developer blissfully unaware of Cross Site Script Attacks (XSS). Even if you are aware of XSS in all of its insidious forms, it's extremely complex to deal with all the issues if you're taking user input and you're actually allowing users to post raw HTML into an application. I'm dealing with this again today in a Web application where legacy data contains raw HTML that has to be displayed and users ask for the ability to use raw HTML as...
-
Scott Hanselman's 2011 Ultimate Developer and Power Users Tool List for Windows
Dec 1101Everyone collects utilities, and most folks have a list of a few that they feel are indispensable. Here's mine. Each has a distinct purpose, and I probably touch each at least a few times a week. For me, util means utilitarian and it means don't clutter my tray. If it saves me time, and seamlessly integrates with my life, it's the bomb. Many/most are free some aren't. Those that aren't free are very likely worth your 30-day trial, and perhaps your money. Here are most of the contents of my ...
-
Implementing an Authorization Attribute for WCF Web API
Oct 1120If you’re not familiar with WCF Web API, it’s a framework with nice HTTP abstractions used to expose simple HTTP services over the web. It’s focus is targeted at applications that provide HTTP services for various clients such as mobile devices, browsers, desktop applications. In some ways, it’s similar to ASP.NET MVC as it was developed with testability and extensibility in mind. There are some concepts that are similar to ASP.NET MVC, but with a twist. For example, where ASP.NET MVC has fi...
-
NuGet Package of the Week #9 - ASP.NET MiniProfiler from StackExchange rocks your world
Jul 1122I LOVE great debugging tools. Anything that makes it easier for me to make a site correct and fast is glorious. I've talked about Glimpse, an excellent firebug-like debugger for ASP.NET MVC, and I've talked about ELMAH, and amazing logger and error handler. Now the triad is complete with MiniProfiler, my Package of the Week #9. Yes, #9. I'm counting System.Web.Providers as #8, so phooey. ;) Hey, have you implemented the NuGet Action Plan? Get on it, it'll take only 5 minutes: NuGet Action...
-
Great Free Video Training on ASP.NET Web Forms and ASP.NET MVC
May 1116We’ve recently published some great end-to-end ASP.NET video training courses on the http://asp.net web-site. Created by Pluralsight (a great .NET training company), these video courses are available free of charge and provide a great way to learn (or brush-up your knowledge of) ASP.NET Web Forms 4 and ASP.NET MVC 3. Each course is taught by a single trainer, and provides a nice end-to-end curriculum (from basic concepts to working with the new Entity Framework “code first” model to securit...
-
Being Constructive
Mar 1119I want to like Entity Framework. I did a whole screencast series on the thing and to be honest, I grew to like it. It’s very capable and if you play along with it’s rules can save you a lot of work. This post isn’t about EF. It’s about an MSDN post that was put up that I just linked to - and I thought about it afterward and … well I could probably be a bit more constructive. It’s late, I’ve had a beer or 2, and I was a bit quick to hit publish. The thing that pushed me over a bit was this ...
-
Being Constructive
Mar 1119I want to like Entity Framework. I did a whole screencast series on the thing and to be honest, I grew to like it. It’s very capable and if you play along with it’s rules can save you a lot of work. This post isn’t about EF. It’s about an MSDN post that was put up that I just linked to - and I thought about it afterward and … well I could probably be a bit more constructive. It’s late, I’ve had a beer or 2, and I was a bit quick to hit publish. The thing that pushed me over a bit was this ...
-
Link Rollup: New Documentation and Tutorials from Web Platform and Tools
Jan 1114Lots of cool stuff was released yesterday that I mentioned in the post ASP.NET MVC3, WebMatrix, NuGet, IIS Express and Orchard released - The Microsoft January Web Release in Context. The Web Platform Tools Content Team has been working hard on new content and tutorials to get you up to date on all this fun new stuff. Here's a link rollup from Wade's documentation team. Congratulations to Mike Pope, Tim Teebken, Rick Anderson, Tim Ammann, Keith Newman, Erik Reitan and Tom Dykstra on a gre...
-
Hosting the Razor Engine for Templating in Non-Web Applications
Dec 1028Microsoft’s new Razor HTML Rendering Engine that is currently shipping with ASP.NET MVC previews can be used outside of ASP.NET. Razor is an alternative view engine that can be used instead of the ASP.NET Page engine that currently works with ASP.NET WebForms and MVC. It provides a simpler and more readable markup syntax and is much more light weight in terms of functionality than the full blown WebForms Page engine, focusing only on features that are more along the lines of a pure view engine...
-
Announcing Entity Framework Code-First (CTP5 release)
Dec 1008This week the data team released the CTP5 build of the new Entity Framework Code-First library. EF Code-First enables a pretty sweet code-centric development workflow for working with data. It enables you to: Develop without ever having to open a designer or define an XML mapping file Define model objects by simply writing “plain old classes” with no base classes required Use a “convention over configuration” approach that enables database persistence without explicitly configuring anyt...
