@Html.ValidationMessageFor(model => model.Name, "Please Enter a Name", new {
@class = "text-danger" })
3.4
Validation Error Messages (Validation Summary)
• A Summary of the Validation Errors (excluding those already given) can be made
@Html.ValidationSummary(
true
, "", new { @class = "text-danger" })
• All the error messages can be summarised by setting excludePropertyErrors = false
@Html.ValidationSummary(
false
, "", new { @class = "text-danger" })
3.4.1
HtmlAttibutes for Tool Tips
@Html.TextBox("MyTextbox",
new { title = "I'm a Tooltip!"}
)
@Html.EditorFor(model => model.Name,
new { htmlAttributes = new { title = "This is where you type
in your name"} }
)
3.4.2
Tab Index
Press tab will turn to next index
@Html.EditorFor(model => model.phone, new { htmlAttributes = new { @class = "form-control",
tabindex = 1
} })
3.4.3 Hot Keys (
热键
)
@class = "form-control"
, accesskey = "d"
} })
Alt + d …
Week 7
Security and Identity
1. Top 10 Web Application Security
Risks
1. Injection
2. Broken Authentication and Session Management
3. Sensitive Data Exposure
4. XML External Entity
5. Broken Access Control
6. Security Misconfiguration
7. Cross-Site Scripting
8. Insecure deserialization
9. Using Components With Known Vulnerabilities
10.Insufficient Logging and Monitoring
2.
Multi factor authentication
● The authentication factors that make up a multi-factor authentication request must come from
two or more
of the following:
○ something the claimant knows (e.g. a personal identification number (PIN),
password
or response
to a challenge)
(Something you know)
○ something the claimant has (e.g. a
physical token
, smart card or software certificate)
(Something
you have)
○ something the claimant is (e.g. a
fingerprint
or iris scan).
(Something you are)
3. Hashing
Hashing is an ideal way to store passwords, as hashes are inherently one-way in their nature.
4. ASP.NET Identity Goals
One ASP.NET Identity system
● Ease of plugging in profile data about the user
● Persistence control
● Unit testability
● Role provider
● Claims based
● Social Login Providers
● Azure Active Directory
● OWIN Integration
● NuGet package
5. Log in features
Require usernames and passwords
Some applications use role based authentication
– administrator roles, user roles etc
Security and account information stored
– on file system
– or database
6.
Securing an Action
An Action (e.g. from the HomeController) can be restricted to logged in users
– Use the [Authorize] annotation
E.g.
Now the user must log in to access the
Contact
action
Use '[Authorize(Roles = "Administrator")]‘ – name of the roles are your choice.
7.
Role and User based Security
– Users can be restricted to their own data
– Administrators given write access to all data
– Public (no logged in users) given read access only
8. ASP.Net MVC Security issues
make sure the default CRUD actions are
secured
However any user can
directly access
the edit/delete action using the url !
You've reached the end of your free preview.
Want to read all 29 pages?
- Three '18
- Staff
- .NET Framework, Representational State Transfer, ASP.NET MVC, validation error messages , Take Down Request
