All ASP.NET MVC Forms Need To Include Html.AntiForgeryToken() For Security


Having recently been implementing many new form pages in ASP.NET MVC, I’ve found myself over and over again adding the following two things to every form.

- After Html.BeginForm() I put @Html.AntiForgeryToken()
- Add the attribute [ValidateAntiForgeryToken] to every POST action method

Before I was doing so much ASP.NET MVC, I would often see in Channel 9 videos the presenter add the AntiForgeryToken() after the BeginForm() method on the cshtml Razor page and say something like “you should always add this”. I never saw them say “and don’t forget to add the attribute ValidateAntiForgeryToken to the controller POST method”.

Just to be clear, below is what I’m talking about: What this does is to make sure that the trusted … Continue Reading

Safely Encoding Strings On ASP.NET MVC Razor Pages (sometimes)

Background

Sometimes, we want to let HTML tags come through our web pages from user-defined content. If, for example, you have a workflow that requires approval before publishing, there are times when you want to let the author put through HTML, links, etc.

Solution

In Visual Studio, write a simple HtmlHelper method that allows for a flag you can pass through. In my case, I have a database table with a boolean column “allowhtml”. If this is set, then instead of using Html.Raw(…) I can use my own helper method, pass in the allowHtml value and, if it is set to true, allow the unencoded HTML to flow through. Here is that helper method: namespace WebAPI.Code.Helpers { public static class … Continue Reading

Capturing SendGrid Events With ASP.NET WebAPI and Task async


Problem

I’ve been using SendGrid’s API WebHooks to capture email events (Version 1). This version sends one event at a time, which has always been a pretty bad idea. When I first did the integration a year or so ago, the only way to capture multiple events at once was to consume some proprietary non-JSON-like protocol. I declined. They have finally upgraded the API to send standard JSON records and are going to obsolete version 1, so I need to change. Here goes…

SendGrid Event Notification Configuration

First, you need to go into Event Notification and change to (v3) of the config. Then, I pressed the “Test Your Integration” button while running Fiddler to grab the JSON SendGrid generates (see … Continue Reading

Building A Windows 8 Metro Style JavaScript / HTML5 / CSS3 App Using ListView


Background

The new Windows 8 Developer environment is seriously underdocumented at this point in its product life. Microsoft released a “Developer Preview” at the Build Conference in September, then has not done any noticeable updates or improvement on those bits. The videos online from Build are very helpful because you can go through them in slow motion and see how to make things work. In this article, I’m going to go through the steps necessary in a lot of detail to build a simple read-only list viewer of US Congress legislators in California. At the end, we’ll have something like the following working:

(actual tablet from Build running the app)

and the completed solution from … Continue Reading
