
    @Html.ValidationMessageFor(model => model.Name, "Please Enter a Name", new { @class = "text-danger" })

3.4 Validation Error Messages (Validation Summary)
• A summary of the validation errors (excluding those already given) can be made:
    @Html.ValidationSummary(true, "", new { @class = "text-danger" })
• All the error messages can be summarised by setting excludePropertyErrors = false:
    @Html.ValidationSummary(false, "", new { @class = "text-danger" })

3.4.1 HtmlAttributes for Tool Tips
    @Html.TextBox("MyTextbox", "", new { title = "I'm a Tooltip!" })
    @Html.EditorFor(model => model.Name, new { htmlAttributes = new { title = "This is where you type in your name" } })

3.4.2 Tab Index
Pressing Tab moves to the next index.
    @Html.EditorFor(model => model.phone, new { htmlAttributes = new { @class = "form-control", tabindex = 1 } })

3.4.3 Hot Keys
    @class = "form-control", accesskey = "d" } })
Alt + d …

Week 7 Security and Identity

1. Top 10 Web Application Security Risks
   1. Injection
   2. Broken Authentication and Session Management
   3. Sensitive Data Exposure
   4. XML External Entity
   5. Broken Access Control
   6. Security Misconfiguration
   7. Cross-Site Scripting
   8. Insecure Deserialization
   9. Using Components With Known Vulnerabilities
   10. Insufficient Logging and Monitoring

2. Multi factor authentication
● The authentication factors that make up a multi-factor authentication request must come from two or more of the following:
  ○ something the claimant knows (e.g. a personal identification number (PIN), password or response to a challenge) (Something you know)
  ○ something the claimant has (e.g. a physical token, smart card or software certificate) (Something you have)
  ○ something the claimant is (e.g. a fingerprint or iris scan) (Something you are)

3. Hashing
Hashing is an ideal way to store passwords, as hashes are inherently one-way in their nature.

4. ASP.NET Identity Goals
● One ASP.NET Identity system
● Ease of plugging in profile data about the user
● Persistence control
● Unit testability
● Role provider
● Claims based
● Social Login Providers
● Azure Active Directory
● OWIN Integration
● NuGet package

5. Log in features
– Require usernames and passwords
– Some applications use role based authentication (administrator roles, user roles etc.)
– Security and account information is stored on the file system or in a database

6. Securing an Action
An Action (e.g. from the HomeController) can be restricted to logged in users
– Use the [Authorize] annotation
E.g. Now the user must log in to access the Contact action
– Use '[Authorize(Roles = "Administrator")]' – the names of the roles are your choice.

7. Role and User based Security
– Users can be restricted to their own data
– Administrators given write access to all data
– Public (no logged in users) given read access only

8. ASP.NET MVC Security issues
Make sure the default CRUD actions are secured.
However, any user can directly access the edit/delete action using the URL!
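
An added example, not part of the original notes, that puts sections 6 to 8 together in one ASP.NET MVC 5 controller: login required by default, public read-only access, an ownership check inside Edit, and an administrator-only Delete. `NotesController`, `Note`, the in-memory `Store` and the delete policy are hypothetical, constructed for illustration.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Web.Mvc;

// Hypothetical model; the sample data below is constructed for this example.
public class Note
{
    public int Id { get; set; }
    public string OwnerName { get; set; }
    public string Text { get; set; }
}

[Authorize] // every action requires a logged-in user unless it opts out
public class NotesController : Controller
{
    private static readonly List<Note> Store = new List<Note>
    {
        new Note { Id = 1, OwnerName = "alice", Text = "Alice's note" },
        new Note { Id = 2, OwnerName = "bob", Text = "Bob's note" }
    };

    [AllowAnonymous] // public (not logged in) users get read access only
    public ActionResult Index() => View(Store);

    // Typing /Notes/Edit/2 into the address bar reaches this action directly,
    // so the ownership check must live here, not in which links a view shows.
    public ActionResult Edit(int id)
    {
        var note = Store.FirstOrDefault(n => n.Id == id);
        if (note == null) return HttpNotFound();
        if (!CanWrite(note)) return new HttpStatusCodeResult(HttpStatusCode.Forbidden);
        return View(note);
    }

    [HttpPost, ValidateAntiForgeryToken] // state change: POST only, with CSRF token
    [Authorize(Roles = "Administrator")] // this example's policy: only admins delete
    public ActionResult Delete(int id)
    {
        Store.RemoveAll(n => n.Id == id);
        return RedirectToAction("Index");
    }

    // Users may change their own data; administrators may change all data.
    private bool CanWrite(Note note) =>
        User.IsInRole("Administrator") || note.OwnerName == User.Identity.Name;
}
```

The POST action that saves an edit needs the same `CanWrite` check as the GET action, since either URL can be requested directly.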