How to create a .NET Core 3.0 trimmed self-contained single executable app using VS Code
ASP.NET CORE Identity Under the Hood | Authentication & Authorization | .NET 8
00:00:00 Introduction
00:04:31 1. Security Overview
00:10:34 2. Authentication and Authorization Flow
00:17:18 3. ASP.NET Core Basics
00:23:31 4. Security Context in ASP.NET Core
00:27:23 5. Anonymous Identity
00:33:26 6. Create a Login Page with Razor Pages
00:46:02 7. Generate Cookie with Cookie Authentication Handler
01:06:01 8. Authenticaiton Middle and Authentication Scheme
01:15:16 9. Authorization Architecture Flow
01:23:58 10. Simple Policy based Authorization
01:43:50 11. Login & Logout Partial View
01:52:56 12. Custom Policy based Authorization
02:05:11 13. Cookie Lifespan & Browser Session
What's the difference between a console, a terminal, and a shell?
Let's Build a Simple Database
Writing a sqlite clone from scratch in C
- We have two new refactorings for global usings, Extract Global Using and Inline Global Using, with Find Usages support for this feature.
- For
nullable reference types, we’ve split the “should never be null”
warning into two categories: one for those who look at NRT annotation
and one for those who have a runtime check for null. We’ve also added a
setting to enable runtime enforced not null warnings only, and supported
[MemberNotNull]and[MemberNotNullWhen]annotations. - We’ve implemented generic attributes support for C#11.
.NET 7 💥 - ASP.NET Core Web Api CRUD, Repository Pattern, SQLite & Automapper
In this video we will be going to be create a full .NET WebApi with Automapper, SQLite and utilising the Repository Pattern
In this article, we are going to see how we can create a custom ModelValidatorProvider that validates models based upon the rules specified in the xml files and works side-by-side with the other built-in validator providers.
- Validate arguments from events.
- Validate inputs and results from JS interop calls.
- Avoid using (or validate beforehand) user input for .NET to JS interop calls.
- Prevent the client from allocating an unbound amount of memory.
- Data within the component.
-
DotNetObjectreferences returned to the client. - Guard against multiple dispatches.
- Cancel long-running operations when the component is disposed.
- Avoid events that produce large amounts of data.
- Avoid using user input as part of calls to NavigationManager.NavigateTo and validate user input for URLs against a set of allowed origins first if unavoidable.
- Don't make authorization decisions based on the state of the UI but only from component state.
- Consider using Content Security Policy (CSP) to protect against XSS attacks.
- Consider using CSP and X-Frame-Options to protect against click-jacking.
- Ensure CORS settings are appropriate when enabling CORS or explicitly disable CORS for Blazor apps.
- Test to ensure that the server-side limits for the Blazor app provide an acceptable user experience without unacceptable levels of risk.
.NET applications however rely on the ciphers provided by the OS, and the only way to get new ciphers into the OS is through a patch from Microsoft. Unsupported versions of Windows typically do not receive these patches, so over time you can expect an increasing number of websites to stop working with .NET applications.
As you may remember, Microsoft has removed the IE Mode feature from Microsoft Edge. THe company has limited it to enterprise customers and IT admins. They have also stated that the feature was released to the public for testing purposes only. Here is a bit of good news - you can re-enable IE Mode when needed with recent versions of Edge!
