Category Archives: MVC

Home / ASP.NET / MVC
10 Posts

EntityFramework 7 is the defacto ORM used with .NET Core to provide cross-platform compatible data access. EF7 is missing many features that are present in EF6, though. My initial apprehension was that this would create a scenario where one could not use .NET Core if their projects relied on EF6 features. Fortunately, it’s pretty easy to get EF6 working with .NET Core. The sacrifice is a loss of cross-platform hosting ability.

More Link

ASP.NET’s built in CSRF (Cross-site request forgery) is pretty straight forward. You add a token to your views via an HTML Helper, and then decorate your controller actions with a specific attribute to validate the token on POST. There are many times, seemingly randomly, where users have invalid tokens on their requests. MVC throws a 500 error with an HttpAntiForgeryException. For legitimate users, this is not an optimal experience.

More Link

With a new project we have, I was tasked with working on security. Initially, I used OWIN and cookie authentication to implement a simple login and all was good. However, we wanted to remove the ability to login and have it driven by an external site redirecting a user with a token.

More Link

In my .NET 4.5 MVC projects, I already have helper methods/extensions that let me determine if a user has access to a particular controller action. This provides a nice mechanism to hide and show buttons, hyperlinks, or other UI action elements based on the authorization attributes that have been defined on the MVC Controller.

However, this is a bit more complicated with ApiControllers.

More Link

After my brief primer (Part 1) of the things I’m looking to accomplish with Angular in what I consider a large-scale application, I’ve had a week or so to toss around ideas and get a solid foundation.

To recap, I want this application to avoid becoming an unruly, behemoth that is unmanageable. I want core, reusable components to be separated from core functionality. That is to say, I want loose coupling. The application should have hooks, navigation, and what not that is self-aware while allowing multiple developers to create their own discrete set of functional areas. In that vein, or to that end, I want “areas” to be independent for the most part and, as such, developers should be able to work on the individual functional areas without stepping all over each other’s code, or worrying much about breaking other parts of the application.

More Link

This week, my team and I have embarked on a new large scale application.  It’s predominately your typical web multi-tier web application with business logic, security, CRUD, and what not.

However, it’s also going to be an Angular Single Page App (SPA). Thinking about the structure of this application, in terms functional blocks and project/solution layout is pivotal in the design and engineering process.

More Link

After creating a redistributal package for a custom OWIN AuthenticationHandler that handles logins to an internally hosted Oauth2/SSO provider, I found something a little annoying.

When OWIN detects a 401 response and the AuthenticationMode is “Active,” it doesn’t capture the URL hash from the request.

More Link

Adding custom claims in .NET Identity, through OWIN, or otherwise is pretty straight forward.

But, what if we want to step outside of, or augment, the OAuth flow?

More Link

After, mostly, getting the SSO / OAuth2 server setup with OWIN working over the past week, I ran into a few interesting scenarios and bits of information worth sharing.

The main scenario was in dealing with Authorization Code Grant across different domains and working that scenario into both the SSO paradigm and “protected Resource” server access.

More Link

I’ve used T4MVC within my MVC projects for a long, long time now. It’s one of those extremely useful utilities that probably gets forgotten.

At any rate, I’m not sure if I ever mentioned why I like T4MVC, but here are a few reasons.

More Link