\n13. Basic security

\n13.1 Preventing Cross-Site Scripting

\n13.2 Rejecting extra fields

\n13.3 Authenticating users

\n13.4 Exercise - Secure the back-office

\n13.5 Exercise solution - Secure the back-office

",{"_439":440,"_43":44,"_47":48,"_45":46,"_65":66,"_441":442,"_545":437},"previewContent","

\n Introduction\n
- \n What this book is not\n
- \n Prerequisites\n
- \n How to read this book\n
- \n Tools you need\n
- \n Source code\n
\n
\n 1. Why ASP.NET Core ?\n
- \n 1.1 What is it ?\n
- \n 1.2 Why use it ?\n
- \n 1.3 Competing technologies\n
\n
\n 2. ASP.NET Core at its simplest\n
- \n 2.1 Setting up the server\n
- \n 2.2 Very basic Startup configuration\n
- \n 2.3 Barebone configuration\n
- \n 2.4 ASP.NET MVC comes in\n
\n
\n 3. Creating our Web Site\n
- \n 3.1 Visual Studio scaffolding\n
- \n 3.2 Quick facts about that template\n
\n
\n 4. ASP.NET MVC inner workings\n
- \n 4.1 Principles\n
- \n 4.2 View\n
- \n 4.3 Bootstrap\n
- \n 4.4 Controller\n
- \n 4.5 It’s your turn to code: do-it-yourself\n
- \n 4.6 Exercise - Create the application\n
- \n 4.7 Exercise solution\n
\n
\n 5. Razor\n
- \n 5.1 Razor syntax\n
- \n 5.2 Exercise - Add code to the home page\n
- \n 5.3 Exercise solution\n
- \n 5.4 Layout views\n
- \n 5.5 Exercise - Remove some links\n
- \n 5.6 Exercise solution\n
- \n 5.7 Helpers\n
- \n 5.8 Partial views\n
\n
\n 6. Understanding ASP.NET MVC\n
- \n 6.1 Flashback\n
- \n 6.2 Routing\n
- \n 6.3 Controllers\n
- \n 6.4 Be lazy\n
- \n 6.5 Let’s go all the way\n
\n
\n 7. Typing things up\n
- \n 7.1 The problem with ViewBag and ViewData\n
- \n 7.2 Using and typing the model\n
- \n 7.3 Conventions and simplicity: introducing the ViewModel\n
\n
\n 8. Dependency Injection (DI)\n
- \n 8.1 DI steps\n
- \n 8.2 Services registration\n
- \n 8.3 Getting services through injection\n
- \n 8.4 Extension methods for dependency injection\n
- \n 8.5 Wrapping it up\n
\n
\n 9. Entity Framework Core models\n
- \n 9.1 Exercise - Create the Product model and DbContext\n
- \n 9.2 Exercise solution\n
- \n 9.3 Exercise - Add code that creates a database with some products\n
- \n 9.4 Exercise solution\n
- \n 9.5 Exercise - Display a products list\n
- \n 9.6 Exercise solution\n
\n
\n 10. Updating server data\n
- \n 10.1 Action parameters\n
- \n 10.2 Word of caution about URLs\n
- \n 10.3 Exercise - Display product details\n
- \n 10.4 Exercise solution\n
- \n 10.5 HTTP Post parameters\n
- \n 10.6 Passing a full blown object\n
- \n 10.7 Sit and watch - Basic product calculator\n
- \n 10.8 Exercise - Add a search box to the products list\n
- \n 10.9 Exercise solution\n
\n
\n 11. Updating data scenario\n
- \n 11.1 Steps\n
- \n 11.2 Controller\n
- \n 11.3 Automated generation of controller and views\n
- \n 11.4 Exercise - Create the products management back-office\n
- \n 11.5 Exercise solution - Create the products management back-office\n
\n
\n 12. Doing more with controllers and actions\n
- \n 12.1 Actions can generate more than views\n
- \n 12.2 Exercise - Add images to the products\n
- \n 12.3 Exercise solution - Add images to the products\n
- \n 12.4 Input validation\n
\n
\n 13. Basic security\n
- \n 13.1 Preventing Cross-Site Scripting\n
- \n 13.2 Rejecting extra fields\n
- \n 13.3 Authenticating users\n
- \n 13.4 Exercise - Secure the back-office\n
- \n 13.5 Exercise solution - Secure the back-office\n
\n
\n 14. State management\n
- \n 14.1 State stores\n
- \n 14.2 Session state\n
- \n 14.3 Exercise - Add products to a basket\n
- \n 14.4 Exercise solution - Add products to a basket\n
- \n 14.5 Exercise - Basket contents\n
- \n 14.6 Exercise solution - Basket contents\n
\n
\n 15. Web API\n
- \n 15.1 Use cases\n
- \n 15.2 Creating an API is simple\n
- \n 15.3 API results format\n
\n
\n 16. Going further\n
- \n 16.1 Creating Razor helpers\n
- \n 16.2 Display and edit templates\n
\n
\n Definitions\n
\n A word from the author\n
\n The Learn Collection\n

Introduction

\n\n

What this book is not

\n\n

I made my best to keep this book small, so that you can learn ASP.NET Core quickly without getting lost in petty details. If you are looking for a reference book where you’ll find answers to all the questions you may have within the next 4 years of your ASP.NET Core practice, you’ll find other heavy books for that.

\n\n

My purpose is to swiftly provide you with the tools you need to code your first ASP.NET Core application and be able to look for more by yourself when needed. While some authors seem to pride themselves in having the thickest book, in this series I’m glad I achieved the thinnest possible book for my purpose. Though I tried my best to keep all of what seems necessary, based on my 15 years experience of teaching .NET.

\n\n

I assume that you know what ASP.NET MVC is and when to use it. In case you don’t, read the following What is ASP.NET Core chapter.

\n\n

Prerequisites

\n\n

In order for this book to meet its goals, you must :

\n\n

Have basic experience creating applications with C#
Have working knowledge of HTML
Know what a Web application is

\n\n

How to read this book

\n\n

This book’s aim is to make you productive as quickly as possible. For this we’ll use some theory, several demonstrations, plus exercises. Exercises appear like the following:

\n\n\n\n

Tools you need

\n\n

The only tool you’ll need to work through that book is Visual Studio 2017. You can get any of those editions:

\n\n

Visual Studio 2017 Community (free)
Visual Studio 2017 Professional or Entreprise

\n\n

When installing Visual Studio, make sure you select the ASP.NET and .NET Core components.

\n\n

Source code

\n\n

All of the source code for the demos and do-it-yourself solutions is available at https://bitbucket.org/epobb/aspnetcoreexercises

\n\n

It can be downloaded as a ZIP file, or if you installed GIT you can simply type:

\n\n

git clone https://bitbucket.org/epobb/aspnetcoreexerc\\\nises.git\n

\n\n\n\n\n\n\n

\n1. Why ASP.NET Core ?

\n\n

If you’re in a hurry, you can safely skip this chapter and head straight to\nthe Creating our Web Site chapter. This Why ASP.NET Core chapter\nis there for those that want to know why ASP.NET Core should be used.

\n\n

\n1.1 What is it ?

\n\n

In a nutshell, ASP.NET Core is a technology used to create Web applications.

\n\n

Web applications are used with a browser. Examples of Web applications are Facebook, Google, and in fact most of the services you use.\nWhen you enter an http://something url in your browser, you get a Web application.

\n\n

Simply put, ASP.NET Core can be used to create a Web application like Facebook, or a store, which is what we do in this book’s exercises.

\n\n

\n1.2 Why use it ?

\n\n

In case you know .NET and need to create a Web application, using ASP.NET makes sense since you can reuse your knowledge of the .NET Framework (or .NET Core) and language abilities (like C# and VB.NET).

\n\n

At this time, there are two versions of ASP.NET:

\n\n

ASP.NET 4.6, using the .NET Framework 4.6.
ASP.NET Core.

\n\n

ASP.NET 4.6 is the legacy version coming all the way from the year 2001. It is full of features but should be used mostly when porting existing .NET code, since the .NET Core platform doesn’t have all of the classes that were available in .NET. However, ASP.NET 4.6 is limited to running on Windows platforms.

\n\n

ASP.NET Core should be considered for new projects. It is cross-platform (Windows, Linux, OS-X, Docker), scalable and efficient. This book is about ASP.NET Core.

\n\n

ASP.NET Core can be used to produce APIs and HTML pages out of the box. In order to render HTML, it sports an MVC middleware which we’ll learn in this book.

\n\n

\n1.3 Competing technologies

\n\n

There are many technology stacks used to create Web applications. On a technological standpoint the following stacks would for instance allow to develop applications in a way similar to ASP.NET Core :

\n\n

Node.JS + Express
Ruby on Rails
Meteor

\n\n

Selecting one technology or another can be debated for a while. It often boils down to beliefs or preferences, but there can be good reasons. For instance, if you know JavaScript and HTTP but nothing about .NET, you’ll probably get an easier time with Node.JS + Express than with ASP.NET Core.

\n\n\n

\n2. ASP.NET Core at its simplest

\n\n

Before I introduce ASP.NET MVC, I’d like to show you that ASP.NET Core can run with a minimalist setup. Two classes are needed: Program and Startup.

\n\n

\n2.1 Setting up the server

\n\n

We need to create a server instance. It’s the object that will serve the HTTP requests. Kestrel is such a server and is included with ASP.NET Core. We can run it using the following code:

\n\n

public class Program\n{\n  public static void Main(string[] args)\n  {\n    var host = new WebHostBuilder()\n      .UseKestrel()\n      .UseStartup<Startup>()\n      .Build();\n\n      host.Run();\n    }\n}\n

\n\n\n\n

Note that this code references a Startup class. We need to provide that class.

\n\n\n\n

Hosting the application in IIS

\n\n

var host = new WebHostBuilder()\n  .UseKestrel()\n  .UseIISIntegration()\n  .Build();\n

\n\n\n\n

\n2.2 Very basic Startup configuration

\n\n

The following code creates a minimalist setup.

\n\n

public class Startup\n{\n  public void Configure(IApplicationBuilder app)\n  {\n    app.UseWelcomePage();\n  }\n}\n

\n\n\n\n

Using that code and the Program class above, we already have a Web server. It provides users with a page about ASP.NET Core:

\n\n\n

\n\n\n

\n2.3 Barebone configuration

\n\n

Should we want to get to the bare metal of ASP.NET Core, we can replace the above Startup class with the following one:

\n\n

public class Startup\n{\n  public void Configure(IApplicationBuilder app)\n  {\n    app.Run(async (context) =>\n    {\n      await context.Response\n        .WriteAsync(\"Hello World!\");\n    });\n  }\n}\n

\n\n\n\n

That code defines a barebone middleware. We’ll see more about middleware later. For the moment, just note that it enables you to run whatever code you need in order to process incoming HTTP requests. The context parameter you get when an HTTP request comes in gives you access to the request, response, and anything related to it. In my example I answer with a simple string but we could write any Web server application by adding code there.

\n\n

At that very moment you may want to close this book. For any middle-size application that mode of development would simply grow into something impossible to maintain. I’m glad you didn’t close the book, because I have good news: ASP.NET Core offers a middleware that makes it easy to write a maintainable, testable Web application: ASP.NET MVC. Just read on.

\n\n

\n2.4 ASP.NET MVC comes in

\n\n

ASP.NET is a flexible middleware made for creating HTML and API web applications. It provides for a well-made separation of concerns and even offers dependency injection support out of the box. Using it is as simple as adding a line to our Startup class:

\n\n

app.UseMvc()\n

\n\n\n\n

But we won’t even need to manually add that line. Visual Studio 2017 is part of our toolkit, so let’s start using it.

\n\n

\n3. Creating our Web Site

\n\n

\n3.1 Visual Studio scaffolding

\n\n

In order to create an ASP.NET Core Application, I can simply start Visual Studio 2017 and select File / New / Project from the menu. I know New Web Site sounds tempting but don’t use it; that kind of site doesn’t scale up well once you get to real applications.

\n\n\n

\n\n\n

I’m taken to the New project dialog box. From the left menu I’ll select Visual C# since it’s the most common coding language for .NET, then Web. In the middle pane I’ll select ASP.NET Core Web Application (.NET Core). In the lower part of the dialog box, next to the Name: label I’ll type the name of my project: Demos.

\n\n\n

\n\n\n

Now I click the OK button and I’m taken to a second dialog: New ASP.NET Core Web Application (.NET Core). Time to select the features I want. I’ll select Web Application, make sure the Enable Docker Support checkbox is unchecked and authentication is set to Individual User Accounts (if necessary, click the Change Authentication button to select that option). Here’s what that dialog looks like:

\n\n\n

\n\n\n\n\n

Now I click the OK button of the New ASP.NET Core Web Application dialog and that’s it for now; my application is ready. In order to run it inside my browser, I’ll select Debug / Start Debugging from the menu, or use the F5 shortcut:

\n\n\n

\n\n\n

When I do this, Visual Studio starts a local Web server (IIS Express), runs my browser and points it to the URL of my site on that server, then finally attaches to the running code in debug mode so that it can catch any exception or show the code when I reach a breakpoint.

\n\n

This is what I get in my browser:

\n\n\n

\n\n\n

What’s nice is that the site is responsive (the default template uses Boostrap):

\n\n\n

\n\n\n

That application also has a menu above, with links that take me to almost empty “About” and “Contact” pages. Also note that we already have fully-functional “Log in” and “Register” links for user authentication. If I use them, a local SQL Server database will be created for storage.

\n\n

Well, we have kind of a nice startup after just a few clicks. Now let’s see some theory before we can extend our application. Don’t worry, I’ll keep it short: this book focuses on getting you up and running quickly.

\n\n

\n3.2 Quick facts about that template

\n\n

This basic application has been configured to use ASP.NET MVC. In short, MVC allows for:

\n\n

Separation of concerns: controllers handle the HTTP request while views generate the outgoing HTML.
Testability (easy unit testing of the controllers).

\n\n

Several folders have been created as part of that initial scaffolding. We’ll see more about them through the book; in short:

\n\n

wwwroot: content that will be available to the client (browser);
Data: Entity Framework classes;
Model: business classes;
Services: dependencies that will be injected;
Models: MVC models;
Views: MVC views;
Controllers: MVC controllers.

\n\n

\n4.6 Exercise - Create the application

\n\n\n\n

I know, it’s basic, but you need to learn some more things before you can do more.

\n\n

\n4.7 Exercise solution

\n\n

Open Visual Studio.
Click on the File / New / Project… menu entry.
In the New Project dialog, select the Installed tab on the left. Select Templates / Visual C# / Web on the left. In the center, select ASP.NET Core Web Application (.NET Core). At the bottom, type MyShop next to the Name: label. Click the OK button.
In the New ASP.NET Core Web Application dialog, select Web Application under the ASP.NET Core 1.1 templates drop-down list. Click the Change Authentication button.
In the Change Authentication dialog, select Individual User Accounts. Click the OK button.
Back in the New ASP.NET Core Web Application dialog, click the OK button.
In the Solution Explorer (on the right-hand side), open the Views folder, then the Home folder located underneath.
Double-click the Index.cshtml file.
Locate the following code:

\n\n

<div id=\"myCarousel\" ...>\n  ...\n</div>\n\n<div class=\"row\">\n    <div class=\"col-md-3\">\n      ...\n    </div>\n</div>\n

\n\n\n\n

Replace that code with the following one :

\n\n

<div class=\"col-md-3\">\n  <h2>Welcome</h2>\n  <p>\n    Using ASP.NET Core, we created a wonderful\n    application that allows buying your\n    favorite products\n  </p>\n</div>\n<div class=\"col-md-3\">\n  <h2>Startup</h2>\n  <p>\n    New to the store? Give yourself a treat\n    through the shop!\n  </p>\n</div>\n

\n\n\n\n

Click the Build / Build Solution menu.
Run the application: click the Debug / Start Debugging menu.

\n\n

If you would like to get in touch you can use :

\n\n

email: books@aweil.fr
Facebook: https://facebook.com/learncollection\n

\n\n

In case your project needs it, I’m also available for speaking, teaching, consulting and coding. All around the world.

\n\n

If you liked this book, you probably saved a lot of time thanks to it. I’d be very grateful if you took some minutes of your precious time to leave a comment on the site where you purchased this book. Thanks a ton !

\n\n\n

The Learn Collection

\n\n

This book is part of the Learn Collection.

\n\n

The Learn Collection allows developers to self-teach new technologies in a matter of days.

\n\n

Published books

\n\n

To be published

\n\n

Learn Xamarin
Learn Universal Windows

\n\n

\n\n","tocStructure",[443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544],{"_76":77,"_43":78,"_70":-5,"_79":80,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":86,"_70":-5,"_79":87,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":92,"_70":-5,"_79":93,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":95,"_70":-5,"_79":96,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":98,"_70":-5,"_79":99,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":101,"_70":-5,"_79":102,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":77,"_43":104,"_70":-5,"_79":105,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":108,"_70":-5,"_79":109,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":111,"_70":-5,"_79":112,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":114,"_70":-5,"_79":115,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":77,"_43":117,"_70":-5,"_79":118,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":121,"_70":-5,"_79":122,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":124,"_70":-5,"_79":125,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":127,"_70":-5,"_79":128,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":130,"_70":-5,"_79":131,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":77,"_43":133,"_70":-5,"_79":134,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":137,"_70":-5,"_79":138,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":140,"_70":-5,"_79":141,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":77,"_43":143,"_70":-5,"_79":144,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":147,"_70":-5,"_79":148,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":150,"_70":-5,"_79":151,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":153,"_70":-5,"_79":154,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":156,"_70":-5,"_79":157,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":159,"_70":-5,"_79":160,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":162,"_70":-5,"_79":163,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":165,"_70":-5,"_79":166,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":77,"_43":168,"_70":-5,"_79":169,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":172,"_70":-5,"_79":173,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":175,"_70":-5,"_79":176,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":178,"_70":-5,"_79":179,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":181,"_70":-5,"_79":182,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":184,"_70":-5,"_79":185,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":187,"_70":-5,"_79":188,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":190,"_70":-5,"_79":191,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":193,"_70":-5,"_79":194,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":77,"_43":196,"_70":-5,"_79":197,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":200,"_70":-5,"_79":201,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":203,"_70":-5,"_79":204,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":206,"_70":-5,"_79":207,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":209,"_70":-5,"_79":210,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":212,"_70":-5,"_79":213,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":77,"_43":215,"_70":-5,"_79":216,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":219,"_70":-5,"_79":220,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":222,"_70":-5,"_79":223,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":225,"_70":-5,"_79":226,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":77,"_43":228,"_70":-5,"_79":229,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":232,"_70":-5,"_79":233,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":235,"_70":-5,"_79":236,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":238,"_70":-5,"_79":239,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":241,"_70":-5,"_79":242,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":244,"_70":-5,"_79":245,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":77,"_43":247,"_70":-5,"_79":248,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":251,"_70":-5,"_79":252,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":254,"_70":-5,"_79":255,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":257,"_70":-5,"_79":258,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":260,"_70":-5,"_79":261,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":263,"_70":-5,"_79":264,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":266,"_70":-5,"_79":267,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":77,"_43":269,"_70":-5,"_79":270,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":273,"_70":-5,"_79":274,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":276,"_70":-5,"_79":277,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":279,"_70":-5,"_79":280,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":282,"_70":-5,"_79":283,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":285,"_70":-5,"_79":286,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":288,"_70":-5,"_79":289,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":291,"_70":-5,"_79":292,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":294,"_70":-5,"_79":295,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":297,"_70":-5,"_79":298,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":77,"_43":300,"_70":-5,"_79":301,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":304,"_70":-5,"_79":305,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":307,"_70":-5,"_79":308,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":310,"_70":-5,"_79":311,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":313,"_70":-5,"_79":314,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":316,"_70":-5,"_79":317,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":77,"_43":319,"_70":-5,"_79":320,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":323,"_70":-5,"_79":324,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":326,"_70":-5,"_79":327,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":329,"_70":-5,"_79":330,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":332,"_70":-5,"_79":333,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":77,"_43":335,"_70":-5,"_79":336,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":339,"_70":-5,"_79":340,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":342,"_70":-5,"_79":343,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":345,"_70":-5,"_79":346,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":348,"_70":-5,"_79":349,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":351,"_70":-5,"_79":352,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":77,"_43":354,"_70":-5,"_79":355,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":358,"_70":-5,"_79":359,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":361,"_70":-5,"_79":362,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":364,"_70":-5,"_79":365,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":367,"_70":-5,"_79":368,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":370,"_70":-5,"_79":371,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":373,"_70":-5,"_79":374,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":77,"_43":376,"_70":-5,"_79":377,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":380,"_70":-5,"_79":381,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":383,"_70":-5,"_79":384,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":386,"_70":-5,"_79":387,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":77,"_43":389,"_70":-5,"_79":390,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":393,"_70":-5,"_79":394,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":85,"_43":396,"_70":-5,"_79":397,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":77,"_43":399,"_70":-5,"_79":400,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":77,"_43":403,"_70":-5,"_79":404,"_72":81,"_88":-5,"_89":-5,"_90":-5},{"_76":77,"_43":407,"_70":-5,"_79":408,"_72":81,"_88":-5,"_89":-5,"_90":-5},"publicChapterContent","nextChapter","sections",[523,524,525,526,527],"routes/_store+/_layout","routes/_store+/_readers+/_layout","actionData","errors"]

\n13. Basic security

\n13.1 Preventing Cross-Site Scripting

\n13.2 Rejecting extra fields

\n13.3 Authenticating users

\n13.4 Exercise - Secure the back-office

\n13.5 Exercise solution - Secure the back-office

Table of Contents

Introduction

What this book is not

Prerequisites

How to read this book

Tools you need

Source code

\n1. Why ASP.NET Core ?

\n1.1 What is it ?

\n1.2 Why use it ?

\n1.3 Competing technologies

\n2. ASP.NET Core at its simplest

\n2.1 Setting up the server

\n2.2 Very basic Startup configuration

\n2.3 Barebone configuration

\n2.4 ASP.NET MVC comes in

\n3. Creating our Web Site

\n3.1 Visual Studio scaffolding

\n3.2 Quick facts about that template

\n4. ASP.NET MVC inner workings

\n4.1 Principles

\n4.2 View

\n4.3 Bootstrap

\n4.4 Controller

\n4.5 It’s your turn to code: do-it-yourself

About exercises in this book

In case you get stuck

\n4.6 Exercise - Create the application

\n4.7 Exercise solution

\n5. Razor

\n5.1 Razor syntax

\n5.2 Exercise - Add code to the home page

\n5.3 Exercise solution

\n5.4 Layout views

\n5.5 Exercise - Remove some links

\n5.6 Exercise solution

\n5.7 Helpers

\n5.8 Partial views

\n6. Understanding ASP.NET MVC

\n6.1 Flashback

\n6.2 Routing

\n6.3 Controllers

\n6.4 Be lazy

\n6.5 Let’s go all the way

\n7. Typing things up

\n7.1 The problem with ViewBag and ViewData

\n7.2 Using and typing the model

\n7.3 Conventions and simplicity: introducing the ViewModel

\n8. Dependency Injection (DI)

\n8.1 DI steps

\n8.2 Services registration

\n8.3 Getting services through injection

\n8.4 Extension methods for dependency injection

\n8.5 Wrapping it up

\n9. Entity Framework Core models

\n9.1 Exercise - Create the Product model and DbContext

\n9.2 Exercise solution

\n9.3 Exercise - Add code that creates a database with some products

\n9.4 Exercise solution

\n9.5 Exercise - Display a products list

\n9.6 Exercise solution

\n10. Updating server data

\n10.1 Action parameters

\n10.2 Word of caution about URLs

\n10.3 Exercise - Display product details

\n10.4 Exercise solution

\n10.5 HTTP Post parameters

\n10.6 Passing a full blown object

\n10.7 Sit and watch - Basic product calculator

\n10.8 Exercise - Add a search box to the products list

\n10.9 Exercise solution

\n11. Updating data scenario

\n11.1 Steps

\n11.2 Controller