NinethSense

Client Side:

• View State
• Control State
• Hidden fields
• Cookies
• Query Strings

Server Side

• Application State
• Session State
• Profile Properties
• Database Support

Detailed reading here.

A good reading here.

This walkthrough shows you how to develop an ASP.NET MVC application in Visual Studio using the test-driven development (TDD) approach. MVC was designed to enable testability without requiring dependencies on a Web server (IIS), on a database, or on external classes. (This is in contrast to unit tests for Web Forms pages, which require a Web server.)

Recently I passed 070-480: Programming in HTML5 with JavaScript and CSS3. Please make sure of the opportunity by using the promo code “HTMLJMP” in Prometric exam scheduling website.

This offer is valid till 31, March 2013 only.

This exam is a prerequisite for MCSD Web & Windows Developer

The exam was neither easy nor tough. Expect questions which uses jQuery as well.

Thanks to StackOverflow for various fixes and findings.

First, create an MVC4 web application with forms authentication. I used Visual Studio Express for Web 2012 here.

Below are the changes required:

web.config

  <connectionStrings>
    <add name="DefaultConnection" connectionString="Server=localhost\sqlexpress;Database=train;User Id=admin;Password=blah;" providerName="System.Data.SqlClient" />
    <add name="ADConnectionString" connectionString="LDAP://blah/DC=blee,DC=bluee,DC=blum/>
  </connectionStrings>
 
---
  <authentication mode="Forms">
      <forms name=".ADAuthCookie" loginUrl="~/Account/Login" timeout="2880" 
	slidingExpiration="false" protection="All" />
    </authentication>
    <membership defaultProvider="MY_ADMembershipProvider">
      <providers>
        <clear />
        <add name="MY_ADMembershipProvider" 
		type="System.Web.Security.ActiveDirectoryMembershipProvider"
             connectionStringName="ADConnectionString" attributeMapUsername="sAMAccountName" />
      </providers>
    </membership>

Controllers\AccountController.cs

public ActionResult Login(LoginModel model, string returnUrl)
        {
            if (ModelState.IsValid && Membership.ValidateUser(model.UserName, 
								model.Password))
            {
                FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
                return RedirectToLocal(returnUrl);
            }
 
            // If we got this far, something failed, redisplay form
            ModelState.AddModelError("", "The user name or password provided is incorrect.");
            return View(model);
        }
 
---
public ActionResult LogOff()
        {
            FormsAuthentication.SignOut();
 
            return RedirectToAction("Index", "Home");
        }

A must-read for those who love Code First.

Check here – http://blogs.msdn.com/b/efdesign/archive/2010/06/01/conventions-for-code-first.aspx

Click here.

• Buffer overflow checks – bound checks
• Cryptography – Encrypt passwords and other sensitive data
• Do not ever hard code data. Always externalize – use resource files or databases
• Use roles based security – who is allowed to call functions
• Code Access Security (CAS)
• Information can leak through ViewState, XML, SQL & Web errors, Cookies and URLs
• Beware of cross site scripting – use libraries
• Beware Script/SQL injection
• Parameter validation is mandatory
• Server side validation is mandatory even if you have validation in client side
• Code with proper exception handling
• On production,
  • Never disable <customErrors> section in config file
  • Make sure Tracing is not enabled
  • Debugging should be disabled

Read about best practices on globalization & localization here.

URL: http://msdn.microsoft.com/en-us/library/w7x1y988.aspx

Introduction to ASP.NET MVC 3

Click here to launch.

Anti-XSS is a powerful tool in the Microsoft toolbox that mitigates XSS risks. Additionally, Anti-XSS provides a consistent level of security allowing you to focus on solving business problems and not on security problems.

More reading URL: http://msdn.microsoft.com/en-us/security/aa973814