Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Modern Web Development with ASP.NET Core 3 An end to end guide covering the latest features of Visual Studio 2019, Blazor and Entity Framework

Product type Paperback

Published in Jun 2020

Publisher Packt

ISBN-13 9781789619768

Length 802 pages

Edition 2nd Edition

Languages

Tools

ASP.NET

Concepts

Application Development

Author (1):

Ricardo Peres

View More author details

Table of Contents (26) Chapters

Preface

1. Section 1: The Fundamentals of ASP.NET Core 3

2. Getting Started with ASP.NET Core FREE CHAPTER

3. Configuration

4. Routing

5. Controllers and Actions

6. Views

7. Section 2: Improving Productivity

8. Using Forms and Models

9. Implementing Razor Pages

10. API Controllers

11. Reusable Components

12. Understanding Filters

13. Security

14. Section 3: Advanced Topics

15. Logging, Tracing, and Diagnostics

16. Understanding How Testing Works

17. Client-Side Development

18. Improving Performance and Scalability

19. Real-Time Communication

20. Introducing Blazor

21. gRPC and Other Topics

22. Application Deployment

23. Assessments

24. Other Books You May Enjoy

Leave a review - let other readers know what you think

Appendix A: The dotnet Tool

Binding security

A whole different subject now. We know that ASP.NET Core automatically binds submitted values to model classes, but what would happen if we hijacked a request and asked ASP.NET to bind a different user or role than the one we have? For example, consider if we have a method that updates the user profile using the following model:

public class User
{
    public string Id { get; set; }
    public bool IsAdmin { get; set; }
    //rest of the properties go here
}

If this model is committed to the database, it is easy to see that if we pass a value of IsAdmin=true, then we would become administrators instantly! To prevent this situation, we should do either of the following:

Move out sensitive properties from the public model, the one that is retrieved from the data sent by the user
Apply [BindNever] attributes to these sensitive properties, like this:

[BindNever]
public bool IsAdmin { get; set; }

In the...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (1)

Peres

Ricardo Peres is a Portuguese developer, blogger, and book author and is currently a team leader at Dixons Carphone. He has over 20 years of experience in software development and his interests include distributed systems, architectures, design patterns, and .NET development. He won the Microsoft MVP award in 2015 and has held this title up to 2020. He also authored Entity Framework Core Cookbook – Second Edition and Mastering ASP.NET Core 2.0, and was a technical reviewer for Learning NHibernate 4 for Packt. He also contributed to Syncfusion's Succinctly collection, with titles on .NET development. Ricardo maintains a blog—Development With A Dot—where he writes about technical issues. You can catch up with him on Twitter at @rjperes75.

See other products by Peres