Preventing XSRF/CSRF
by Michel Bruchet, Jason De Oliveira, Kenneth Yamikani Fukizi
Learn ASP.NET Core 3 - Second Edition
Preventing XSRF/CSRF
The following are the most common ways through which XSRF/CSRF attacks can be thwarted.
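The book's own discussion of its two listed mechanisms, domain referrers and user-generated tokens, is not reproduced on this page. The block below is an added example, not code from the book or its Tic-Tac-Toe project, showing how both are wired into an ASP.NET Core 3 application with the framework's built-in antiforgery services plus a small Origin/Referer check as defence in depth. The class names Startup, OriginCheckMiddleware and PaymentsController, the cookie name "__Host-CSRF" and the header name "X-CSRF-TOKEN" are assumptions chosen for the example.

```csharp
// Added example, not from the book. Class names, cookie name and header name are assumed.
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Antiforgery;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // User-generated (synchronizer) token: a per-session secret lives in a cookie and a
        // matching token must be echoed back in a form field or header on every unsafe request.
        services.AddAntiforgery(options =>
        {
            options.HeaderName = "X-CSRF-TOKEN";               // for XMLHttpRequest/fetch callers
            options.Cookie.Name = "__Host-CSRF";               // __Host- prefix: Secure, Path=/, no Domain
            options.Cookie.Path = "/";
            options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
            options.Cookie.SameSite = SameSiteMode.Strict;     // browser will not attach it cross-site
        });

        services.AddControllersWithViews(mvc =>
        {
            // Validate every POST/PUT/PATCH/DELETE by default instead of decorating each
            // action with [ValidateAntiForgeryToken]; GET must never change state.
            mvc.Filters.Add(new AutoValidateAntiforgeryTokenAttribute());
        });
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseMiddleware<OriginCheckMiddleware>();            // domain/referrer check first
        app.UseRouting();
        app.UseAuthentication();
        app.UseAuthorization();
        app.UseEndpoints(endpoints => endpoints.MapDefaultControllerRoute());
    }
}

// Domain referrer check: reject unsafe requests whose Origin (or, failing that, Referer)
// host is not this site. Browsers add Origin to cross-site POSTs and page script cannot
// forge it, so a mismatch is a reliable CSRF signal. This fails closed when both headers
// are absent; see the note after the block.
public class OriginCheckMiddleware
{
    private readonly RequestDelegate _next;
    public OriginCheckMiddleware(RequestDelegate next) => _next = next;

    public static bool IsAllowed(string method, string expectedHost, string origin, string referer)
    {
        if (HttpMethods.IsGet(method) || HttpMethods.IsHead(method) || HttpMethods.IsOptions(method))
            return true;                                        // safe methods, nothing to protect
        var source = !string.IsNullOrEmpty(origin) ? origin : referer;
        if (string.IsNullOrEmpty(source)) return false;
        return Uri.TryCreate(source, UriKind.Absolute, out var uri)
            && uri.Scheme == Uri.UriSchemeHttps
            && string.Equals(uri.Host, expectedHost, StringComparison.OrdinalIgnoreCase);
    }

    public async Task InvokeAsync(HttpContext ctx)
    {
        var req = ctx.Request;
        if (!IsAllowed(req.Method, req.Host.Host, req.Headers["Origin"], req.Headers["Referer"]))
        {
            ctx.Response.StatusCode = StatusCodes.Status403Forbidden;
            return;
        }
        await _next(ctx);
    }
}

public class PaymentsController : Controller
{
    private readonly IAntiforgery _antiforgery;
    public PaymentsController(IAntiforgery antiforgery) => _antiforgery = antiforgery;

    // Hands a request token to script callers; GetAndStoreTokens also sets the cookie half.
    // A fetch() client then sends the token in X-CSRF-TOKEN with credentials included.
    [HttpGet]
    public IActionResult Token()
    {
        var tokens = _antiforgery.GetAndStoreTokens(HttpContext);
        return Json(new { headerName = tokens.HeaderName, token = tokens.RequestToken });
    }

    // Razor views using <form asp-action="Transfer" method="post"> get the hidden
    // __RequestVerificationToken field injected by the form tag helper; the global
    // filter rejects the request when the field is missing, stale or from another session.
    [HttpPost]
    public IActionResult Transfer(decimal amount, string toAccount)
    {
        // ... perform the transfer for the authenticated user ...
        return Ok();
    }
}
```

The token is the primary control; the middleware is belt-and-braces. Because it fails closed when neither Origin nor Referer is present, users behind privacy proxies, or pages served with `Referrer-Policy: no-referrer` on a browser that omits Origin for same-origin POSTs, will be rejected; if that bites, change the missing-header case to allow and rely on the token alone. Keep state-changing work off GET: neither check protects a GET handler that performs an action.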