Contents tagged with MVC
-
Html5 Input Validation Presentation
Last week I gave a presentation to the 2011 UC Davis IT Security Symposium that covered input validation features in HTML5. I mostly discussed the following three topics:
-
Adding Unobtrusive Validation To MVCContrib Fluent Html
ASP.NET MVC 3 includes a new unobtrusive validation strategy that utilizes HTML5 data-* attributes to decorate form elements. Using a combination of jQuery validation and an unobtrusive validation adapter script that comes with MVC 3, those attributes are then turned into client side validation rules.
-
Introducing Data Annotations Extensions
Validation of user input is integral to building a modern web application, and ASP.NET MVC offers us a way to enforce business rules on both the client and server using Model Validation. The recent release of ASP.NET MVC 3 has improved these offerings on the client side by introducing an unobtrusive validation library built on top of jquery.validation. Out of the box MVC comes with support for Data Annotations (that is, System.ComponentModel.DataAnnotations) and can be extended to support other frameworks. Data Annotations Validation is becoming more popular and is being baked in to many other Microsoft offerings, including Entity Framework, though with MVC it only contains four validators: Range, Required, StringLength and Regular Expression. The Data Annotations Extensions project attempts to augment these validators with additional attributes while maintaining the clean integration Data Annotations provides.
-
Adding Client Validation To DataAnnotations DataType Attribute
The System.ComponentModel.DataAnnotations namespace contains a validation attribute called DataTypeAttribute, which takes an enum specifying what data type the given property conforms to. Here are a few quick examples:
-
jQuery Overview Presentation
Last week I gave a presentation to the UC.NET User Group which provided an overview/introduction to jQuery. Instead of using PowerPoint I created an ASP.NET MVC website and used a jQuery presentation plugin (http://www.viget.com/inspire/jquery-presentation-plugin/) to provide slide navigation and animation, which allowed me to make the presentation very interactive.
-
NHibernate Client Validator ASP.NET MVC 2 Model Validation
ASP.NET MVC 2 improves Model Validation in a number of ways, including the addition of client side validation (à la xVal). If you would like more information on Model Validation in ASP.NET MVC 2, see Scott Gu’s detailed post on this subject. Out of the box ASP.NET MVC 2 includes support for DataAnnotations, and there are some extensibility points available for plugging in your own framework.
-
Guarding against CSRF Attacks in ASP.NET MVC2
Alongside XSS (Cross Site Scripting) and SQL Injection, Cross-site Request Forgery (CSRF) is one of the three most common and dangerous vulnerabilities in web applications today. CSRF attacks are probably the least well known of the three, but they are relatively easy to exploit and extremely dangerous, increasingly so. For more information on CSRF attacks, see these posts by Phil Haack and Steve Sanderson.
-
NHibernate Validator ASP.NET MVC 2 Model Validation
ASP.NET MVC 2 will improve the built-in Model Validation in a number of ways, including the addition of client side validation (à la xVal). If you would like more information on Model Validation in ASP.NET MVC 2, see Scott Gu’s detailed post on this subject. Out of the box ASP.NET MVC 2 will include support for DataAnnotations, and there are some extensibility points available for plugging in your own framework.
-
Authorizing Access via Attributes in ASP.NET MVC Without Magic Strings
Recently I developed a strategy which I think works well for authorizing access to user groups (Roles) without using the string names of those groups.
-
Making ASP.NET MVC Actions be Transactional By Default
Given any action method (we’ll use Index), if there is no attribute it should execute in a Transaction: