All ASP.NET MVC Forms Need To Include Html.AntiForgeryToken() For Security

Having recently been implementing many new form pages in ASP.NET MVC, I’ve found myself over and over again adding the following two things to every form. After Html.BeginForm() I Put @Html.AntiForgeryToken() Add the Attribute [ValidateAntiForgeryToken] To Every Post Action Method Before I was doing so much ASP.NET MVC, I would often see in Channel 9 videos, the presenter add the AntiForgeryToken() after the BeginForm() method on the cshtml razor page and say something like “you should always add this”.  I never saw them say “and don’t forget to add the attribute ValidateAntiForgeryToken to the controller POST method. Just to be clear, below is what I’m talking about: What this does is to make sure that the trusted … Continue Reading

LINQ To SQL Performance Getting Huge Improvement in EF5, Microsoft Does Listen!

  The Original Problem Back in 2009, I discovered what I considered a fatal flaw in performance using LINQ2SQL with LINQ queries.  I published 2 very popular articles on this as well as discussed it with many of my peers and Microsoft.  At the time, I was told in no uncertain terms by Microsoft that this was an inherent problem and for many reasons I did not agree with, they would not be addressing the issue.  Well, now, more than 2 years later, Microsoft has addressed this exact issue in Entity Framework Version 5 and will be providing the exact fix that is needed! … Continue Reading


Get every new post delivered to your Inbox

Join other followers: